[Data Classification Toolkit] Active Directory Claims Wizard

I've already presented Data Calssification Toolkit : [Windows 8 Server] Data Classification Toolkit for Windows Server 8 Beta.

We'll see today more particularly the Active Directory Claims Wizard.

You can use the Active Directory Claims Wizard to provision new claims or update existing claims with suggested values based of AD DS data

Two options are available in the Active Directory Claims Wizard :

• Scan Active Directory forest or domain claim values
• Upload claim values to Active Directory forest

First we use the first option to scan the AD DS data for possible source attributes to use for building new claim values.

I've already provionned my AD DS forest with about 2800 users.
I've also created 4 Claim Types (Company, Department, Title and Country) in ADAC. I'll base on them later for the classification. 

We launch the Active Directory Claims Wizard :

We choose the first option :

We target just the AD DS domain :

We launch the scan :

We save the export :

The first part is now finished, we can open the export to see which different values have the 4 claim types.

We can now check all the values and modify or add new values if needed.
I choose to add 3 new values (2 company and 1 title).
Moreover I set the Include column to yes for each row to report to include all of the suggested values that must be defined for the claims.

Now we can upload claims values with this modified file.

We choose our modified file and upload values :



We can see that 4 claims have been modified and 45 suggested values added.

Now I go back to ADAC and see what have been changed in the claims.

As you can see all the values of the file have been added to the suggested values in the claims types.

Active Directory Claims Wizard is a very great tool, easy to use and very helpful for enterprise administrator who plan to deploy Dynamic Access Control.