In Windows Server 2012 R2 ADFS (which everybody calls ADFS 3), the display name of the ADFS farm was also the display name of the Active Directory claim provider in the Home Realm Discovery page.
[code language="PowerShell"]Get-AdfsProperties | Select-Object DisplayName
#Output:
#DisplayName
#-----------
#Yoga Corp.[/code]
Here is what it looked like:
And this was regardless of the actual name of the claim provider trust for AD:
[code language="PowerShell"]Get-AdfsClaimsProviderTrust -Identifier "AD AUTHORITY" | Select-Object Name
#Output:
#Name
#----
#Active Directory[/code]
In Windows Server 2016 ADFS (also known as ADFS 4…) this isn’t the case anymore. The display name of the farm is no longer the display name of the Active Directory claim provider trust. As a result, the Home Realm Discovery page will look like this:
We can see that the display name of my farm is Piaudonn ADFS 2016 and that the display name of my AD claim provider is Active Directory. Some PowerShell to illustrate the difference:
[code language="PowerShell"]Get-AdfsProperties | Select-Object DisplayName
#Output:
#DisplayName
#-----------
#Piaudonn ADFS 2016
Get-AdfsClaimsProviderTrust -Identifier "AD AUTHORITY" | Select-Object Name
#Output:
#Name
#----
#Active Directory[/code]
So the first reflex, since it is no longer the display name of the farm, is to change the name of the AD claim provider trust directly:
[code language="PowerShell"]Get-AdfsClaimsProviderTrust -Identifier "AD AUTHORITY" | Set-AdfsClaimsProviderTrust -Name "Corp Users"[/code]
But here is the output:
Set-AdfsClaimsProviderTrust : PS0027: No properties except AcceptanceTransformRules and AcceptanceTransformRulesFile can be modified on the ADAuthority claims provider trust.
So, here is a workaround.
JavaTrick
We will use the OnLoad.js JavaScript present in all rendered pages to dynamically change the display name “Active Directory” into whatever we want. In my case: Corp Users.
- Create a custom web theme for your ADFS farm.
Note that JavaScript customization cannot be done for the default web theme. If you already have a custom web theme, you can skip this and go to step 2.
[code language="PowerShell"]New-AdfsWebTheme -Name CorpWebTheme -SourceName Default[/code]
If you have already set a logo and an illustration picture in the default theme, they will automatically be present in the newly created CorpWebTheme, because I used Default as the source.
- Export the current OnLoad.js to be able to modify it.
We create the folder C:\CorpWebTheme and run the following cmdlet:
[code language="PowerShell"]Export-AdfsWebTheme -Name CorpWebTheme -DirectoryPath C:\CorpWebTheme[/code]
This is what we get in our folder:
C:\>tree /F C:\CorpWebTheme
Folder PATH listing
Volume serial number is 5C78-23B0
C:\CORPWEBTHEME
├───css
│       style.css
│       style.rtl.css
│
├───illustration
│       illustration.png
│
├───images
│   └───idp
│           idp.png
│           localsts.png
│           otherorganizations.png
│
└───script
        onload.js
We can see the onload.js in the script subfolder.
- Modify the JavaScript.
We need to find out how the Active Directory display name is identified in the rendered HTML. I use the developer mode of IE (just press F12) and use the DOM selector to identify where the string is in the page:
Not good news: it seems that the claim provider trust display names do not have a unique identifier and they all have the same class:
And it seems that the Active Directory claim provider trust is always the last one (bottom of the list, at least in my labs; if it is not the case in yours, please let me know).
Update: I changed the original code since it appears that the Active Directory claim provider trust is not always at the end of the list. Hence, the code looks for the AD trust before replacing its display name.
So I open the onload.js and add the following code at the end of it:
[code language="JavaScript"]//Check if we are in the HRD page
if ( document.getElementById("hrdArea") ) {
    var strADCPName = "Corp Users" ;
    //Create an array of all claim provider trust section in the page
    var listAllSpanForIdp = document.getElementsByClassName("idpDescription float") ;
    var inc;
    for (inc = 0; inc < listAllSpanForIdp.length; inc++) {
        //The inner strings use single quotes outside so the double quotes of the class attribute stay intact
        if ( listAllSpanForIdp[ inc ].innerHTML == '<span class="largeTextNoWrap indentNonCollapsible">Active Directory</span>' ) {
            //Change the HTML content of the matching section to the value specified in the strADCPName variable
            listAllSpanForIdp[ inc ].innerHTML = '<span class="largeTextNoWrap indentNonCollapsible">' + strADCPName + '</span>' ;
        }
    }
}[/code]
The code is quite self-explanatory: it looks through the elements of the class “idpDescription float” for the one whose content is “Active Directory” and replaces that display name with “Corp Users”. I save the file with the same name (you can actually give it any name you want, it does not matter).
- Import the modified OnLoad.js script back into the web theme.
I import the script back into the web theme:
[code language="PowerShell"]Set-AdfsWebTheme -TargetName CorpWebTheme -AdditionalFileResource @{Uri="/adfs/portal/script/onload.js";path="C:\CorpWebTheme\script\onload.js"}[/code]
Once imported you can delete the CorpWebTheme folder. It is no longer used (you imported your JavaScript directly into the ADFS database). And if the webtheme is not the active one, remember to enable it:
[code language="PowerShell"]Set-AdfsWebConfig -ActiveThemeName CorpWebTheme[/code]
And here is the final result:
Let me know how it goes in the comments section!
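A more tolerant variant of the onload.js snippet from step 3, as an added example that is not part of the original post: it matches the provider by its visible text instead of an exact innerHTML string, so extra whitespace or attribute changes in the markup do not break the match, and it writes the new name with textContent so the value is never parsed as HTML. The `renameClaimsProvider` function name is hypothetical; the `hrdArea` id and the `idpDescription float` classes are taken from the post, and the child `<span>` layout is assumed from the markup shown there.

```javascript
// Added example, not from the original post.
// Renames one claims provider entry on the ADFS Home Realm Discovery page.
// doc         : the page's document object
// currentName : display name to look for (e.g. "Active Directory")
// newName     : replacement display name (e.g. "Corp Users")
// Returns the number of entries that were renamed.
function renameClaimsProvider(doc, currentName, newName) {
  // Only act on the HRD page (id taken from the post)
  if (!doc.getElementById("hrdArea")) {
    return 0;
  }
  var renamed = 0;
  // Same class selector as the post's script
  var entries = doc.getElementsByClassName("idpDescription float");
  for (var i = 0; i < entries.length; i++) {
    // Assumption: the display name sits in a child <span>;
    // fall back to the entry itself if there is none
    var label = entries[i].querySelector("span") || entries[i];
    // Compare the visible text, ignoring surrounding whitespace
    if (label.textContent.trim() === currentName) {
      // textContent writes plain text, so markup in newName is not interpreted
      label.textContent = newName;
      renamed++;
    }
  }
  return renamed;
}

// In the browser (end of onload.js) the document object exists; elsewhere this is skipped
if (typeof document !== "undefined") {
  renameClaimsProvider(document, "Active Directory", "Corp Users");
}
```

A return value of 0 on the HRD page means no entry carried the expected text, which is worth checking after an ADFS update changes the page markup.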