Question

I have a SharePoint (2010) web application that is set up with claims based authentication, with two claims providers (Azure ACS and ADFS). From SP Central Admin -> Manage Web Applications -> User Policy -> Add Users, I'm able to search for users in the different identity providers (I believe the control is called "People Picker").

Is it possible to use a similar functionality to that of the people picker in PowerShell?

In principle, what I need is something like this:

$claim = Resolve-Claim "alice.bob@gmail.com"

which would return the "fully qualified" user name (including the claims prefix), e.g. i:05.t|acs|alice.bob@gmail.com, by searching all the claims providers that are added to SharePoint.

Is this possible? Or at least, is it possible to enumerate the claims providers, and search on each individually (that is also acceptable)?

Solution

I found some kind of solution...

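$claimManager = New-Object Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager

$providers = @()  # collect the trusted claim providers registered in the farm

foreach ($cp in $claimManager.TrustedClaimProviders)
{
    $providers += $cp
}
$provider = $providers[0]  # only the first trusted provider is searched here
$userId = $provider.Search("http://localhost", $null, $UserName, $null, 1).Children[0].EntityData[0].Key  # $UserName holds the name to look up; Key is the claims-encoded name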

The main issues with this solution:

Providers going through e.g. Azure ACS don't actually search to see if the user ID exists, but just return a claim. This gives me the prefix for this ID provider, but I don't know if it's valid, thus I don't know if I should continue searching the other ID providers, or if I should just stop.

But I'm not sure if this is a configuration issue in ACS, or if it's an inherent weakness in the implementation of the Search method for identity providers in SharePoint.
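
Added example (not part of the original answer): a PowerShell helper that splits a claims-encoded name such as the question's i:05.t|acs|alice.bob@gmail.com into its parts, so a script that loops over providers can see which issuer type produced a key and treat trusted-provider results as unverified, which is the behaviour the answer describes. The function name ConvertFrom-EncodedClaim, the NeedsVerification property and the contoso sample value are assumptions made for illustration.

```powershell
# Added example, not from the original post: pure string parsing, no SharePoint calls.
# Assumed layout: <i|c>:0<claim type><value type><issuer type>|[issuer name|]value
function ConvertFrom-EncodedClaim {
    param([Parameter(Mandatory = $true)][string]$EncodedClaim)

    $issuerTypes = @{
        'w' = 'Windows'; 't' = 'TrustedProvider'; 'f' = 'Forms'; 's' = 'LocalSTS'
        'm' = 'MembershipProvider'; 'r' = 'RoleProvider'; 'c' = 'ClaimProvider'
    }
    # Only two claim-type characters are mapped; any other is reported unchanged.
    $claimTypes = @{ '#' = 'LogonName'; '5' = 'EmailAddress' }

    $pattern = '^(?<kind>[ic]):0(?<ctype>.).(?<itype>[a-z])\|(?<rest>.+)$'
    if (-not ($EncodedClaim -cmatch $pattern)) {
        throw "Not a claims-encoded name: '$EncodedClaim'"
    }
    $kind = $Matches['kind']; $ctype = $Matches['ctype']; $itype = $Matches['itype']

    # Windows claims carry no issuer segment; the other issuer types use issuer|value.
    $issuer = $null
    $value = $Matches['rest']
    if ($itype -ne 'w') {
        $segments = @($value -split '\|', 2)
        if ($segments.Count -eq 2) { $issuer = $segments[0]; $value = $segments[1] }
    }

    $claimType = $ctype
    if ($claimTypes.ContainsKey($ctype)) { $claimType = $claimTypes[$ctype] }
    $issuerType = "Unknown($itype)"
    if ($issuerTypes.ContainsKey($itype)) { $issuerType = $issuerTypes[$itype] }

    New-Object PSObject -Property @{
        Kind       = $(if ($kind -eq 'i') { 'Identity' } else { 'Claim' })
        ClaimType  = $claimType
        IssuerType = $issuerType
        Issuer     = $issuer
        Value      = $value
        # Per the answer above, a trusted provider's Search returned a claim without
        # checking that the user exists, so such a key is flagged for a separate check.
        NeedsVerification = ($itype -eq 't')
    }
}

# The first string is the question's example; the second is constructed for illustration.
'i:05.t|acs|alice.bob@gmail.com', 'i:0#.w|contoso\alice' |
    ForEach-Object { ConvertFrom-EncodedClaim $_ } |
    Format-Table Kind, ClaimType, IssuerType, Issuer, Value, NeedsVerification -AutoSize
```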

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow