Are you implementing ADFS using Alternative Login ID, the new feature in KB2919355 for Windows Server 2012 R2? (http://technet.microsoft.com/en-us/library/dn659436.aspx)

The configuration for Alternative Login ID is fairly simple. The extensionAttributes/CustomAttributes can be used to hold the login ID, and I want to share a script with you for populating values into those attributes.

Use the script as much as you want, but make sure to test it before putting it into production.
All content is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use.

 

# +=======================================================================
# | Blog: http://www.testlabs.se/blog
# | Twitter: @jonand82
# | =============================================
# | Filename: populate_extensionattribute15_v1.0.ps1
# |
# | CREATED BY: Jonas Andersson
# | FUNCTION: Populates users extensionAttribute15 with SamAccountName plus a value
# |
# | CHANGE LOG:
# | v1.0 - 2014-05-28, *Created*
# +=======================================================================

Import-Module ActiveDirectory

# All users under the target OU (subtree search)
$users = Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=Users,OU=Testlabs,DC=testlabs,DC=se" | Select-Object DistinguishedName, SamAccountName
# Suffix appended to each SamAccountName
$value = "@testlabs.se"
foreach ($i in $users)
{
    # Build the new attribute value: SamAccountName plus the suffix
    $ext = ($i.SamAccountName) + $value
    Write-Host "extensionAttribute15:", $ext

    $id = $i.DistinguishedName
    $user = Get-ADUser -Identity $id -Properties extensionAttribute15
    # Clear any existing value, then write the new one
    Set-ADUser -Identity $user -Clear "extensionAttribute15"
    Set-ADUser -Identity $user -Add @{extensionAttribute15 = $ext}
}
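
A read-only pre-flight check for the script above, as an added example that is not part of the original post: it lists users whose current extensionAttribute15 value would be overwritten and planned values that another account already holds, since an alternate login ID has to resolve to a single user. The OU and suffix come from the script; the variable names and report columns are assumptions, and the check covers only the current domain.

```powershell
# Added example (not from the original script). Read-only: nothing is written to AD.
Import-Module ActiveDirectory

$searchBase = "OU=Users,OU=Testlabs,DC=testlabs,DC=se"   # OU used by the script above
$suffix     = "@testlabs.se"                              # suffix used by the script above
$attribute  = "extensionAttribute15"

# Values the populate script would write, one per user in the OU.
$planned = Get-ADUser -Filter * -SearchScope Subtree -SearchBase $searchBase |
    ForEach-Object {
        [pscustomobject]@{
            DistinguishedName = $_.DistinguishedName
            Planned           = $_.SamAccountName + $suffix
        }
    }

# Every user in the current domain that already has a value in the attribute.
$existing = Get-ADUser -LDAPFilter "($attribute=*)" -Properties $attribute |
    Select-Object DistinguishedName, @{ Name = 'Value'; Expression = { $_.$attribute } }

$report = foreach ($p in $planned) {
    # Value this user holds today (empty if the attribute is not set).
    $current = $existing | Where-Object { $_.DistinguishedName -eq $p.DistinguishedName }

    # Other accounts that already hold the value planned for this user.
    # -eq is case-insensitive, like AD string matching.
    $holders = $existing | Where-Object {
        $_.Value -eq $p.Planned -and $_.DistinguishedName -ne $p.DistinguishedName
    }

    [pscustomobject]@{
        User         = $p.DistinguishedName
        Planned      = $p.Planned
        Current      = $current.Value
        Overwrites   = [bool]($current -and $current.Value -ne $p.Planned)
        CollidesWith = ($holders.DistinguishedName -join '; ')
    }
}

# Show only the rows that need a decision before the populate script is run.
$report | Where-Object { $_.Overwrites -or $_.CollidesWith } |
    Format-Table -AutoSize -Wrap
```

An empty result means the populate script would neither replace a differing value nor create a duplicate within this domain.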