Q&D - Backup/Restore your ADFS claim rules for Office 365

When it comes to trying things and failing fast, nothing beats being able to restore things to the way they were before you broke everything :) Here are some examples of PowerShell cmdlets you can run to export the claim rules for the Azure AD Relying Party Trust into files, and re-import them as soon as you realize that you just broke everything with your new rules.

 

 
Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty IssuanceTransformRules | Out-File IssuanceTransformRules.bk
Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty IssuanceAuthorizationRules | Out-File IssuanceAuthorizationRules.bk
Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty AdditionalAuthenticationRules | Out-File AdditionalAuthenticationRules.bk

#Break everything
#Cry a little bit
#Restore what was set before
 
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -IssuanceTransformRulesFile IssuanceTransformRules.bk
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -IssuanceAuthorizationRulesFile IssuanceAuthorizationRules.bk
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -AdditionalAuthenticationRulesFile AdditionalAuthenticationRules.bk
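
A variation on the commands above, as an added example (not the author's code): it exports the three rule sets into a timestamped folder with a hash manifest, then compares the live rules against that backup so you can confirm a restore actually took effect. The function names and the `.\AdfsRuleBackups` folder are assumptions.

```powershell
# Added example; function names and the backup folder are hypothetical.
$Identifier = 'urn:federation:MicrosoftOnline'
$RuleSets   = 'IssuanceTransformRules', 'IssuanceAuthorizationRules',
              'AdditionalAuthenticationRules'

function Get-RpTrust {
    $rp = Get-AdfsRelyingPartyTrust -Identifier $Identifier
    if (-not $rp) { throw "Relying party trust '$Identifier' not found." }
    $rp
}

# Collapse whitespace so line-ending differences do not count as changes.
function ConvertTo-NormalizedRule([string]$Text) {
    ($Text -replace '\s+', ' ').Trim()
}

function Export-RpClaimRules {
    param([string]$BackupRoot = '.\AdfsRuleBackups')
    $rp  = Get-RpTrust
    $dir = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    foreach ($name in $RuleSets) {
        # One file per rule set, same file names as the commands above.
        Set-Content -Path (Join-Path $dir "$name.bk") -Value ([string]$rp.$name) -Encoding UTF8
    }
    # Record hashes so later edits to the backup files can be noticed.
    Get-ChildItem -Path $dir -Filter '*.bk' | Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } } |
        Export-Csv -Path (Join-Path $dir 'manifest.csv') -NoTypeInformation
    $dir
}

function Compare-RpClaimRules {
    param([Parameter(Mandatory)][string]$BackupDir)
    $rp = Get-RpTrust
    foreach ($name in $RuleSets) {
        $file  = Join-Path $BackupDir "$name.bk"
        # A missing or empty backup file is treated as an empty rule set.
        $saved = if (Test-Path $file) { [string](Get-Content -Path $file -Raw) } else { '' }
        [pscustomobject]@{
            RuleSet = $name
            Matches = (ConvertTo-NormalizedRule $saved) -ceq (ConvertTo-NormalizedRule ([string]$rp.$name))
        }
    }
}

$backup = Export-RpClaimRules
Compare-RpClaimRules -BackupDir $backup | Format-Table -AutoSize
```

Run `Compare-RpClaimRules` against the same folder after a restore; every row should report `Matches` as True.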

Comments

  • Anonymous
    August 27, 2016
    Thanks
  • Anonymous
    May 02, 2018
    True lifesaver commands. Thanks Pierre.
  • Anonymous
    December 03, 2018
    Hey Pierre, would you recommend to use these commands in conjunction with the Rapid Restore Tool? I noticed that Rapid Restore does not backup your relying party trusts or claim rules