Map an organization group claim to an Active Directory group (group claim extraction)

Applies To: Windows Server 2003 R2

When you use Active Directory as the Active Directory Federation Services (ADFS) account store for an account Federation Service, you map an organization group claim to a security group in Active Directory. This mapping is called a group claim extraction.

Perform this procedure in the account Federation Service.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To map an organization group claim to an Active Directory group

1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Account Stores, right-click Active Directory, point to New, and then click Group Claim Extraction.

3. In the Create a New Group Claim Extraction dialog box, click Add, and then select the Active Directory security group that you want to map to a group claim.

4. In Map to this Organization Claim, select the group claim to map to the Active Directory security group, and then click OK.

See Also

Concepts

Map an organization group claim to an ADAM attribute and value (group claim extraction)
Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)