AD Group
An AD Group combines one or more LDAP groups into a single set that serves as an Access Condition. Add the "AD Group" condition to an Access Scenario; the background uses it when matching scenarios.
When a user authenticates and comes online, the background matches the "AD Group" condition and authorizes the corresponding access policy.
Functions
Parameters
- Service Group: Select a service group for the AD group. The service group controls who has privileges to manage the AD group. Administrators and maintainers can add the AD group to any service group for which they have the management privilege.
- LDAP Group List: One or more LDAP groups, with no duplicates. One AD group can contain up to 256 LDAP groups.
Precautions
- If the AD group on the LDAP server contains subgroups and users belong to subgroups, you must also add the subgroups to the AD group. The system cannot synchronize subgroups from the LDAP server automatically.
- When you rename an AD group on the LDAP server, you must rename both the group name and the pre-Windows 2000 group name.
- After renaming or deleting an AD group on the LDAP server, you must manually add the renamed AD group or delete the AD group on INC. The system cannot update AD groups automatically. As a best practice, delete the old AD group after adding the renamed group.
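Because subgroups are not synchronized, a planned LDAP Group List can be checked against the directory's group nesting before it is entered. The following is an added example, not code from the product: it walks a constructed nesting export and reports the subgroups that must be added by hand, duplicate entries, and whether the expanded list fits the 256-group limit. The function names, the `SAMPLE_NESTING` data and the case-insensitive name comparison are assumptions.

```python
from collections import deque

MAX_LDAP_GROUPS = 256  # per-AD-group limit stated on this page


def expand_subgroups(ldap_group_list, nested):
    """Return the configured groups plus every subgroup reachable from them."""
    nested_ci = {name.lower(): kids for name, kids in nested.items()}
    seen, order = set(), []
    queue = deque(ldap_group_list)
    while queue:
        group = queue.popleft()
        key = group.lower()  # assumption: names compare case-insensitively
        if key in seen:      # already visited: skips duplicates and cycles
            continue
        seen.add(key)
        order.append(group)
        queue.extend(nested_ci.get(key, []))
    return order


def audit_ad_group(ldap_group_list, nested):
    """Report duplicates, subgroups missing from the list, and the size check."""
    lowered = [g.lower() for g in ldap_group_list]
    duplicates = sorted({g for g in lowered if lowered.count(g) > 1})
    required = expand_subgroups(ldap_group_list, nested)
    missing = [g for g in required if g.lower() not in set(lowered)]
    return {
        "duplicates": duplicates,
        "missing_subgroups": missing,
        "required_total": len(required),
        "fits_limit": len(required) <= MAX_LDAP_GROUPS,
    }


# Constructed directory export: group -> groups nested directly inside it.
SAMPLE_NESTING = {
    "Staff": ["Engineering", "Finance"],
    "Engineering": ["Firmware", "Staff"],  # circular nesting on purpose
    "Finance": [],
    "Firmware": [],
}

if __name__ == "__main__":
    print(audit_ad_group(["Staff", "Finance"], SAMPLE_NESTING))
```

A non-empty `missing_subgroups` list means users who belong only to those subgroups would not match the AD Group condition until the subgroups are added.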