Can you grant read-only access to ADFS Management Application? Or export relying party configs for review?

  • Question

  • I have been asked to see if I can find a way to grant our security team read-only access to our ADFS environment. They wish to review the relying partner trust settings, etc. Can this be done? If not, can we export the relying trust party configs and other settings so they can review all the settings?

    Many thanks in advance!

    Tuesday, January 30, 2018 1:28 AM

All replies

  • Hello,

    I am not sure you can grant just read-only access, because you may need to give them RDP access to the ADFS server.

    Yes, you can export the relying party through PowerShell


    This will display all the RPs and you can output to CSV or TXT

    Isaac Oben MCITP:EA, MCSE, MCC

    Thursday, February 1, 2018 7:23 AM
  • You can export to an XML file which contains all RPs and rules

    Get-AdfsRelyingPartyTrust | Export-Clixml XXXX.xml

    Saturday, February 3, 2018 7:19 AM
  • You can do it through Just Enough Admin. I have an example on GitHub (but not public yet). Let me know if you want to test it.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 5, 2018 1:47 PM
  • Hi Pierre,

    Thoughts on when you may release your JEA stuff by chance? Thanks

    • Edited by djeinck Tuesday, December 4, 2018 4:55 PM
    Tuesday, December 4, 2018 4:50 PM
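
One way the Just Enough Administration approach suggested in the replies could be set up, combined with the Export-Clixml export. This is an added example, not code from any poster in this thread or from the GitHub project mentioned. The module name `AdfsReview`, endpoint name `AdfsReadOnly`, group `CONTOSO\ADFS-Reviewers` and server `adfs01` are hypothetical.

```powershell
# Added example. Run the first part in an elevated session on the AD FS server.
# Hypothetical names: AdfsReview, AdfsReadOnly, CONTOSO\ADFS-Reviewers, adfs01.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\AdfsReview'
New-Item -ItemType Directory -Path (Join-Path $module 'RoleCapabilities') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'AdfsReview.psd1')

# Role capability: reviewers see only these read-only AD FS cmdlets.
# An explicit list is used instead of a wildcard so nothing new becomes
# visible if the ADFS module gains cmdlets after an upgrade.
New-PSRoleCapabilityFile -Path (Join-Path $module 'RoleCapabilities\AdfsReadOnly.psrc') `
    -ModulesToImport 'ADFS' `
    -VisibleCmdlets 'Get-AdfsRelyingPartyTrust', 'Get-AdfsClaimsProviderTrust',
                    'Get-AdfsProperties', 'Get-AdfsEndpoint', 'Get-AdfsCertificate'

# Session configuration: commands run under a temporary virtual account, so the
# reviewers need neither local admin rights nor an RDP logon on the server.
# RestrictedRemoteServer puts the session in NoLanguage mode.
$jeaRoot     = Join-Path $env:ProgramData 'JEA'
$transcripts = Join-Path $jeaRoot 'Transcripts'
$pssc        = Join-Path $jeaRoot 'AdfsReadOnly.pssc'
New-Item -ItemType Directory -Path $transcripts -Force | Out-Null

New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $transcripts `
    -RoleDefinitions @{ 'CONTOSO\ADFS-Reviewers' = @{ RoleCapabilities = 'AdfsReadOnly' } }

# Validate the file, then register the endpoint.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw "Invalid file: $pssc" }
Register-PSSessionConfiguration -Name 'AdfsReadOnly' -Path $pssc -Force

# Second part: run from a reviewer's workstation as a member of the group.
# The export happens locally, because Export-Clixml is not visible in the endpoint.
Invoke-Command -ComputerName 'adfs01' -ConfigurationName 'AdfsReadOnly' `
    -ScriptBlock { Get-AdfsRelyingPartyTrust } |
    Export-Clixml -Path .\adfs-relying-parties.xml
```

Registering the endpoint restarts the WinRM service, which drops existing remoting sessions to the server. Every reviewer session is recorded in the transcript directory, so restrict that folder's ACL to administrators.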