This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

map users into groups in a multi-forest AD design

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

map users into groups in a multi-forest AD design

Carracido
L3 Networker

‎02-28-2023 10:29 AM

Hello Community!

 

I´m trying to find a solution for the following problem:

 

I have two different forests created in the same Active Directory:

Forest_1:
subdomain_1.domain_1.com

 

Forest_2:
subdomain_2.domain_2.com

 

There is a trust between the two forests

 

I have also the universal group_X in subdomain_1: subdomain_1\group_X

 

I added the User_Bob belonging to subdomain_2.domain_2.com into group_X

 

Is there any way to make the firewall map the User_Bob into group_X?

 

I tried several configurations but is not retrieving the mapping.

 

cheers.

0 Likes Likes
1 REPLY 1

Joloalik
L0 Member

‎02-28-2023 09:45 PM - edited ‎03-01-2023 09:31 PM

Use a global catalog: A global catalog (GC) is a searchable directory that contains information about all objects in a forest. It provides a central repository of information that can be used to map users from different domains into groups. To use a GC, you need to configure your AD environment to allow cross-forest queries. AIM Provider Portal Customer Service

Use universal groups: Universal groups are a type of group that can contain members from any domain in the forest. They are designed to be used in multi-domain and multi-forest environments. By using universal groups, you can create a single group that contains members from multiple domains.

Use group nesting: Group nesting is the process of adding a group as a member of another group. This allows you to create hierarchical structures of groups that can be used to map users from different domains into groups. For example, you can create a group in each domain that contains users from that domain, and then create a universal group that contains all of these domain-specific groups.

Use group mappings: Group mappings are a feature of Active Directory Federation Services (AD FS) that allow you to map groups from one forest to another forest. This can be useful if you have multiple forests that need to share authentication information.

Use synchronization tools: There are several synchronization tools available that can be used to synchronize user and group information between forests. These tools can be used to create a single view of users and groups across multiple forests.

0 Likes Likes
  • 1349 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks