Windows PowerShell Copyright (C) 2016 Microsoft Corporation. All rights reserved. PS C:\Users\administrator> Get-AdfsClaimDescription | FL ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress IsAccepted : True IsOffered : True IsRequired : False Name : E-Mail Address ShortName : email Notes : The e-mail address of the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname IsAccepted : True IsOffered : True IsRequired : False Name : Given Name ShortName : given_name Notes : The given name of the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name IsAccepted : True IsOffered : True IsRequired : False Name : Name ShortName : unique_name Notes : The unique name of the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn IsAccepted : True IsOffered : True IsRequired : False Name : UPN ShortName : upn Notes : The user principal name (UPN) of the user ClaimType : http://schemas.xmlsoap.org/claims/CommonName IsAccepted : True IsOffered : True IsRequired : False Name : Common Name ShortName : commonname Notes : The common name of the user ClaimType : http://schemas.xmlsoap.org/claims/EmailAddress IsAccepted : True IsOffered : True IsRequired : False Name : AD FS 1.x E-Mail Address ShortName : adfs1email Notes : The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0 ClaimType : http://schemas.xmlsoap.org/claims/Group IsAccepted : True IsOffered : True IsRequired : False Name : Group ShortName : group Notes : A group that the user is a member of ClaimType : http://schemas.xmlsoap.org/claims/UPN IsAccepted : True IsOffered : True IsRequired : False Name : AD FS 1.x UPN ShortName : adfs1upn Notes : The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0 ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/role IsAccepted : True IsOffered : True IsRequired : False Name : Role ShortName : role Notes : A role that the user has ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname IsAccepted : True IsOffered : True IsRequired : False Name : Surname ShortName : family_name Notes : The surname of the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier IsAccepted : True IsOffered : True IsRequired : False Name : PPID ShortName : ppid Notes : The private identifier of the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier IsAccepted : True IsOffered : True IsRequired : False Name : Name ID ShortName : sub Notes : The SAML name identifier of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant IsAccepted : True IsOffered : True IsRequired : False Name : Authentication time stamp ShortName : auth_time Notes : Used to display the time and date that the user was authenticated ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod IsAccepted : True IsOffered : True IsRequired : False Name : Authentication method ShortName : authmethod Notes : The method used to authenticate the user ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid IsAccepted : True IsOffered : True IsRequired : False Name : Deny only group SID ShortName : denyonlysid Notes : The deny-only group SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid IsAccepted : True IsOffered : True IsRequired : False Name : Deny only primary SID ShortName : denyonlyprimarysid Notes : The deny-only primary SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid IsAccepted : True IsOffered : True IsRequired : False Name : Deny only primary group SID ShortName : denyonlyprimarygroupsid Notes : The deny-only primary group SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid IsAccepted : True IsOffered : True IsRequired : False Name : Group SID ShortName : groupsid Notes : The group SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid IsAccepted : True IsOffered : True IsRequired : False Name : Primary group SID ShortName : primarygroupsid Notes : The primary group SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid IsAccepted : True IsOffered : True IsRequired : False Name : Primary SID ShortName : primarysid Notes : The primary SID of the user ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname IsAccepted : True IsOffered : True IsRequired : False Name : Windows account name ShortName : winaccountname Notes : The domain account name of the user in the form of domain\user ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser IsAccepted : True IsOffered : True IsRequired : False Name : Is Registered User ShortName : isregistereduser Notes : User is registered to use this device ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier IsAccepted : True IsOffered : True IsRequired : False Name : Device Identifier ShortName : deviceid Notes : Identifier of the device ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid IsAccepted : True IsOffered : True IsRequired : False Name : Device Registration Identifier ShortName : deviceregid Notes : Identifier for Device Registration ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname IsAccepted : True IsOffered : True IsRequired : False Name : Device Registration DisplayName ShortName : devicedispname Notes : Display name of Device Registration ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype IsAccepted : True IsOffered : True IsRequired : False Name : Device OS type ShortName : deviceostype Notes : OS type of the device ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion IsAccepted : True IsOffered : True IsRequired : False Name : Device OS Version ShortName : deviceosver Notes : OS version of the device ClaimType : http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged IsAccepted : True IsOffered : True IsRequired : False Name : Is Managed Device ShortName : deviceismanaged Notes : Device is managed by a management service ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip IsAccepted : True IsOffered : True IsRequired : False Name : Forwarded Client IP ShortName : forwardedclientip Notes : IP address of the user ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application IsAccepted : True IsOffered : True IsRequired : False Name : Client Application ShortName : clientapplication Notes : Type of the Client Application ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent IsAccepted : True IsOffered : True IsRequired : False Name : Client User Agent ShortName : clientuseragent Notes : Device type the client is using to access the application ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip IsAccepted : True IsOffered : True IsRequired : False Name : Client IP ShortName : clientip Notes : IP address of the client ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path IsAccepted : True IsOffered : True IsRequired : False Name : Endpoint Path ShortName : endpointpath Notes : Absolute Endpoint path which can be used to determine active versus passive clients ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy IsAccepted : True IsOffered : True IsRequired : False Name : Proxy ShortName : proxy Notes : DNS name of the federation server proxy that passed the request ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid IsAccepted : True IsOffered : True IsRequired : False Name : Application Identifier ShortName : relyingpartytrustid Notes : Identifier for the Relying Party ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy IsAccepted : True IsOffered : True IsRequired : False Name : Application policies ShortName : certapppolicy Notes : Application policies of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier IsAccepted : True IsOffered : True IsRequired : False Name : Authority Key Identifier ShortName : certauthoritykeyidentifier Notes : The Authority Key Identifier extension of the certificate that signed an issued certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints IsAccepted : True IsOffered : True IsRequired : False Name : Basic Constraint ShortName : certbasicconstraints Notes : One of the basic constraints of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku IsAccepted : True IsOffered : True IsRequired : False Name : Enhanced Key Usage ShortName : certeku Notes : Describes one of the enhanced key usages of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer IsAccepted : True IsOffered : True IsRequired : False Name : Issuer ShortName : certissuer Notes : The name of the certificate authority that issued the X.509 certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername IsAccepted : True IsOffered : True IsRequired : False Name : Issuer Name ShortName : certissuername Notes : The distinguished name of the certificate issuer ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage IsAccepted : True IsOffered : True IsRequired : False Name : Key Usage ShortName : certkeyusage Notes : One of the key usages of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter IsAccepted : True IsOffered : True IsRequired : False Name : Not After ShortName : certnotafter Notes : Date in local time after which a certificate is no longer valid ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore IsAccepted : True IsOffered : True IsRequired : False Name : Not Before ShortName : certnotbefore Notes : The date in local time on which a certificate becomes valid ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy IsAccepted : True IsOffered : True IsRequired : False Name : Certificate Policies ShortName : certpolicy Notes : The policies under which the certificate has been issued ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa IsAccepted : True IsOffered : True IsRequired : False Name : Public Key ShortName : certpublickey Notes : Public Key of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata IsAccepted : True IsOffered : True IsRequired : False Name : Certificate Raw Data ShortName : certrawdata Notes : The raw data of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/san IsAccepted : True IsOffered : True IsRequired : False Name : Subject Alternative Name ShortName : certsubjectaltname Notes : One of the alternative names of the certificate ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber IsAccepted : True IsOffered : True IsRequired : False Name : Serial Number ShortName : certserialnumber Notes : The serial number of a certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm IsAccepted : True IsOffered : True IsRequired : False Name : Signature Algorithm ShortName : certsignaturealgorithm Notes : The algorithm used to create the signature of a certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/subject IsAccepted : True IsOffered : True IsRequired : False Name : Subject ShortName : certsubject Notes : The subject from the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier IsAccepted : True IsOffered : True IsRequired : False Name : Subject Key Identifier ShortName : certsubjectkeyidentifier Notes : Describes the subject key identifier of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname IsAccepted : True IsOffered : True IsRequired : False Name : Subject Name ShortName : certsubjectname Notes : The subject distinguished name from a certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation IsAccepted : True IsOffered : True IsRequired : False Name : V2 Template Name ShortName : certtemplateinformation Notes : The name of the version 2 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename IsAccepted : True IsOffered : True IsRequired : False Name : V1 Template Name ShortName : certtemplatename Notes : The name of the version 1 certificate template used when issuing or renewing a certificate. The extension is Microsoft specific. ClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint IsAccepted : True IsOffered : True IsRequired : False Name : Thumbprint ShortName : certthumbprint Notes : Thumbprint of the certificate ClaimType : http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version IsAccepted : True IsOffered : True IsRequired : False Name : X.509 Version ShortName : certx509version Notes : The X.509 format version of a certificate ClaimType : http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork IsAccepted : True IsOffered : True IsRequired : False Name : Inside Corporate Network ShortName : insidecorpnetwork Notes : Used to indicate if a request originated inside corporate network ClaimType : http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime IsAccepted : True IsOffered : True IsRequired : False Name : Password Expiration Time ShortName : pwdexptime Notes : Used to display the time when the password expires ClaimType : http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays IsAccepted : True IsOffered : True IsRequired : False Name : Password Expiration Days ShortName : pwdexpdays Notes : Used to display the number of days to password expiry ClaimType : http://schemas.microsoft.com/ws/2012/01/passwordchangeurl IsAccepted : True IsOffered : True IsRequired : False Name : Update Password URL ShortName : pwdchgurl Notes : Used to display the web address of update password service ClaimType : http://schemas.microsoft.com/claims/authnmethodsreferences IsAccepted : True IsOffered : True IsRequired : False Name : Authentication Methods References ShortName : amr Notes : Used to indicate all authentication methods used to authenticate the user ClaimType : http://schemas.microsoft.com/2012/01/requestcontext/claims/client-request-id IsAccepted : True IsOffered : True IsRequired : False Name : Client Request ID ShortName : clientreqid Notes : Identifier for a user session ClaimType : http://schemas.microsoft.com/ws/2013/11/alternateloginid IsAccepted : False IsOffered : False IsRequired : False Name : Alternate Login ID ShortName : alternateloginid Notes : Alternate login ID of the user ClaimType : http://schemas.microsoft.com/ws/2014/01/identity/claims/accountstore IsAccepted : False IsOffered : False IsRequired : False Name : Account Store ShortName : store Notes : The account store that was used to authenticate the user. ClaimType : http://schemas.microsoft.com/ws/2014/01/identity/claims/anchorclaimtype IsAccepted : False IsOffered : False IsRequired : False Name : Anchor Claim Type ShortName : anchor Notes : The type of claim used to represent the primary identity of the user. ClaimType : http://schemas.microsoft.com/2014/01/clientcontext/claims/appid IsAccepted : False IsOffered : False IsRequired : False Name : OAuth Client Id ShortName : appid Notes : Identifier for the OAuth Client ClaimType : http://schemas.microsoft.com/2014/01/clientcontext/claims/apptype IsAccepted : False IsOffered : False IsRequired : False Name : OAuth Client Type ShortName : apptype Notes : Type of the OAuth Client ClaimType : http://schemas.microsoft.com/2014/09/devicecontext/claims/iscompliant IsAccepted : False IsOffered : False IsRequired : False Name : Device compliance status ShortName : devc Notes : Compliance status of device reported by the management service ClaimType : http://schemas.microsoft.com/2014/02/deviceusagetime IsAccepted : False IsOffered : False IsRequired : False Name : Device Usage Time ShortName : devut Notes : Last time the device is used for accessing the relying party ClaimType : http://schemas.microsoft.com/2014/02/devicecontext/claims/isknown IsAccepted : False IsOffered : False IsRequired : False Name : Is Known Device ShortName : devk Notes : Device is known to the enterprise, either by virtue of being joined to a domain or workplace joined ClaimType : http://schemas.microsoft.com/2014/03/psso IsAccepted : False IsOffered : False IsRequired : False Name : Persistent Single Sign On ShortName : psso Notes : This claim indicates that AD FS has issued a Persistent SSO token. ClaimType : http://schemas.microsoft.com/2015/09/prt IsAccepted : False IsOffered : False IsRequired : False Name : Primary Refresh Token ShortName : prt Notes : This claim indicates that token was issued using a Primary Refresh token. ClaimType : http://schemas.microsoft.com/identity/claims/scope IsAccepted : False IsOffered : False IsRequired : False Name : Scope of access ShortName : scp Notes : Scope of access to a secured resource ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsdevicegroup IsAccepted : False IsOffered : False IsRequired : False Name : Windows device group ShortName : windowsdevicegroup Notes : The windows group SID of the device ClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlywindowsdevicegroup IsAccepted : False IsOffered : False IsRequired : False Name : Windows deny-only device group ShortName : denyonlywindowsdevicegroup Notes : The windows deny-only group SID of the device ClaimType : http://schemas.microsoft.com/2014/09/devicecontext/claims/trusttype IsAccepted : False IsOffered : False IsRequired : False Name : Device Trust Type ShortName : devt Notes : Trust type of the device to indicate if it is a Workplace Join, Domain Join, or another type of join. ClaimType : http://schemas.microsoft.com/2014/09/requestcontext/claims/userip IsAccepted : False IsOffered : False IsRequired : False Name : User IP ShortName : userip Notes : IP address of the user ClaimType : http://schemas.microsoft.com/claims/authnmethodsproviders IsAccepted : False IsOffered : False IsRequired : False Name : Authentication Methods Provider ShortName : amp Notes : The authentication provider used to authenticate the user ClaimType : http://schemas.microsoft.com/2015/12/devicecontext/claims/tokenbindingid1.0 IsAccepted : False IsOffered : False IsRequired : False Name : Token Binding Id ShortName : tbh Notes : Negotiated Token Binding Id for client receiving token ClaimType : http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID IsAccepted : False IsOffered : False IsRequired : False Name : Source user ID ShortName : Notes : PS C:\Users\administrator>