AD FS reset RPT Access Control Policy

I recently was tasked with troubleshooting a malfunctioning Relying Party Trust on a customers AD FS.

As a troubleshooting step, I wanted to remove the Access Control Policy on the RPT, and go back to the good old IssuanzeAuthorizationPolicy. There does not seem to be any obvious way of doing this via the GUI, so I had to find out if it was possible.

Turns out, someone had already done this. In short, use PowerShell.

To first revert to IssuanzeAuthorizationPolicy:

Get-AdfsRelyingPartyTrust “<RPT Name>” | Set-AdfsRelyingPartyTrust -AccessControlPolicyName $null

To assign “Permit Everyone” Access Control Policy:

Get-AdfsRelyingPartyTrust “<RPT Name>” | Set-AdfsRelyingPartyTrust -AccessControlPolicyName “Permit Everyone”

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.