Q&D – Backup/Restore your ADFS claim rules for Office 365

When it comes to trying things and failing fast, nothing beats being able to restore things to the way they were before you broke everything 🙂 Here are some examples of PowerShell cmdlets you can run to export the claim rules of the Azure AD Relying Party Trust to files and re-import them as soon as you realize that you just broke everything with your new rules.


Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty IssuanceTransformRules | Out-File IssuanceTransformRules.bk
Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty IssuanceAuthorizationRules | Out-File IssuanceAuthorizationRules.bk
Get-AdfsRelyingPartyTrust -Identifier "urn:federation:MicrosoftOnline" | Select-Object -ExpandProperty AdditionalAuthenticationRules | Out-File AdditionalAuthenticationRules.bk

#Break everything
#Cry a little bit
#Restore what was set before
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -IssuanceTransformRulesFile IssuanceTransformRules.bk
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -IssuanceAuthorizationRulesFile IssuanceAuthorizationRules.bk
Set-AdfsRelyingPartyTrust -TargetIdentifier "urn:federation:MicrosoftOnline" -AdditionalAuthenticationRulesFile AdditionalAuthenticationRules.bk
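
The same backup written to a timestamped folder with a SHA-256 manifest, plus a check that the live rules match a backup after a restore (or later, to notice that the rules on the trust have changed). This is an added example, not part of the original post; the function names, folder layout and manifest file are assumptions.

```powershell
# Added example, not from the original post. Function names, folder layout
# and manifest.csv are hypothetical.
$RpId      = 'urn:federation:MicrosoftOnline'
$RuleProps = 'IssuanceTransformRules', 'IssuanceAuthorizationRules', 'AdditionalAuthenticationRules'

function Backup-O365ClaimRules {
    param([string]$Root = '.\adfs-rule-backups')   # assumed backup location
    $rp = Get-AdfsRelyingPartyTrust -Identifier $RpId
    if (-not $rp) { throw "Relying party trust '$RpId' not found." }
    $dir = Join-Path $Root (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    foreach ($p in $RuleProps) {
        # [string] turns an unset rule set into '' so every property gets a file
        ([string]$rp.$p) | Out-File -FilePath (Join-Path $dir "$p.bk")
    }
    # Hash manifest, so a backup file edited after the fact can be noticed
    # by re-running Get-FileHash and comparing
    Get-ChildItem -Path $dir -Filter '*.bk' | Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } } |
        Export-Csv -Path (Join-Path $dir 'manifest.csv') -NoTypeInformation
    return $dir
}

function Test-O365ClaimRules {
    param([Parameter(Mandatory)][string]$BackupDir)
    # Collapse whitespace so that differences in line breaks or spacing alone
    # do not count as a mismatch (simplification: this also collapses
    # whitespace inside string literals in a rule)
    $norm = { param($s) ($s -replace '\s+', ' ').Trim() }
    $rp = Get-AdfsRelyingPartyTrust -Identifier $RpId
    foreach ($p in $RuleProps) {
        $saved = [string](Get-Content -Path (Join-Path $BackupDir "$p.bk") -Raw)
        [pscustomobject]@{
            RuleSet = $p
            Matches = (& $norm $saved) -ceq (& $norm ([string]$rp.$p))
        }
    }
}

# Usage:
#   $dir = Backup-O365ClaimRules
#   ... change the rules, then restore from "$dir\<RuleSet>.bk" with the
#   Set-AdfsRelyingPartyTrust -...RulesFile parameters shown above ...
#   Test-O365ClaimRules -BackupDir $dir
```

These rules decide which claims Azure AD receives and who is allowed to get a token, so keep the backup folder readable only by the ADFS administrators.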
