Amethi's questions

I'm using Certificate Based Authentication in ADFS 3.0 and need to get the Subject field from the client certificate issued as a claim, but it's not available as an incoming claim to ADFS.

When I enable auditing I can see that it's present in the caller identity as the following claim type: http://schemas.microsoft.com/2012/12/certificatecontext/field/subject

But it doesn't get issued in the Issued identity, and thus is not available as an incoming claim to use in the Claims Rules.

Has anyone done this before? Can you tweak the incoming claims from client certificates?

Does anybody know if it's possible to extend the functionality offered by the Exchange E-mail address policies, i.e. call out to a custom component to determine the address?

We are implementing a new system that manages AD data, and that will quite likely change existing account data, i.e. first names, middle names and last names. This would result in the Exchange policy updating the email address which is not what we want. We want addresses to remain unchanged.

My desire is that the policies could be modified somehow to only take effect on NEW accounts, not existing ones, but the policy generating wizard is not that flexible, it has no concept of dates or other AD attributes that could be used to determine the trigger.

I'd love to be able to drop in a .net component or something similar, that would allow precise definition of the policies.

Wishful thinking?