

How to write an ADFS claims rule for a custom Active Directory attribute

I worked a case recently for a customer that wanted to pass a custom Active Directory attribute as a claim. It’s actually easy to do and does not require a custom claim rule, but the answer is less than obvious.

To create a new Issuance Transform Rule on the relying party trust, follow these steps:

Choose Add Rule

Use the Send LDAP Attributes as Claims template


Name the rule and choose the Active Directory attribute store.


Next, type the custom attribute name into the LDAP Attribute dropdown exactly as it appears in ADSI Edit or your LDAP browser of choice (the lDAPDisplayName, case and all). Press Enter.

You will notice that now if you choose the dropdown, the custom attribute is saved towards the bottom for future use.

You can now map that attribute to any of the claim types built into ADFS and select Finish.

That's how to map your custom Active Directory attribute in an ADFS claims rule. Deceptively easy. Hope this helps.
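The same rule the wizard produces, written in claim rule language and applied with the ADFS PowerShell module, as an added example that is not part of the original post. It first confirms the attribute really exists in the schema under the name you typed, which is the usual reason a rule like this silently issues nothing. The trust name, the attribute name and the claim type are placeholders.

```powershell
# Added example (not from the original post). Needs the ADFS and ActiveDirectory
# modules on an AD FS server. Trust name, attribute and claim type are placeholders.
Import-Module ADFS
Import-Module ActiveDirectory

# Check: the attribute must exist in the schema under exactly this lDAPDisplayName,
# the name ADSI Edit shows and the name the rule's query string will use.
function Test-SchemaAttribute {
    param([Parameter(Mandatory)][string]$LdapDisplayName)
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)"
    return [bool]$attr
}

# Build the rule text the "Send LDAP Attributes as Claims" template emits: trigger on
# the Windows account name claim from AD, query one attribute from the Active
# Directory store, and issue its value under the chosen claim type.
function New-LdapAttributeClaimRule {
    param(
        [Parameter(Mandatory)][string]$RuleName,
        [Parameter(Mandatory)][string]$LdapAttribute,
        [Parameter(Mandatory)][string]$ClaimType
    )
    @"
@RuleName = "$RuleName"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$ClaimType"), query = ";$LdapAttribute;{0}", param = c.Value);
"@
}

# Append the new rule to the trust's existing issuance transform rules instead of
# overwriting them, then write the full set back.
function Add-LdapAttributeClaimRule {
    param(
        [Parameter(Mandatory)][string]$RelyingPartyName,
        [Parameter(Mandatory)][string]$LdapAttribute,
        [Parameter(Mandatory)][string]$ClaimType
    )
    if (-not (Test-SchemaAttribute -LdapDisplayName $LdapAttribute)) {
        throw "Attribute '$LdapAttribute' is not in the AD schema; check its lDAPDisplayName in ADSI Edit."
    }
    $rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
    if (-not $rp) { throw "Relying party trust '$RelyingPartyName' not found." }
    $newRule = New-LdapAttributeClaimRule -RuleName "Send $LdapAttribute" -LdapAttribute $LdapAttribute -ClaimType $ClaimType
    $rules = $rp.IssuanceTransformRules + "`r`n" + $newRule
    Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName -IssuanceTransformRules $rules
}

# Placeholder values. The claim type decides how the relying party interprets the value;
# the built-in Role type feeds authorization, so only map an attribute that is authoritative.
Add-LdapAttributeClaimRule -RelyingPartyName 'Contoso Portal' -LdapAttribute 'contosoEmployeeType' `
    -ClaimType 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
```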