Windows Server

United States (English) Sign in

Print This Topic Print Multiple Topics

Home Windows Server 2012 Windows Server 2008 R2 Windows Server 2003 Library Forums

TechNet Library

Windows Server 2003

Deployment

R2: Deployment (R2 only)

ADFS Deployment Guide

Deploying Partner Organizations

Checklist: Configuring the account partner organization

Checklist: Configuring the resource partner organization

Checklist: Implementing a resource account mapping method

Add a new account partner by manually configuring the trust policy

Add a new account partner by importing an existing policy file

Add a new resource partner by manually configuring the trust policy

Add a new resource partner by importing an existing policy file

Create an organization group or custom claim

Create an incoming group claim mapping

Create an incoming custom claim mapping

Create an outgoing group or custom claim mapping

Add an Active Directory account store

Add an ADAM account store

Map an organization group claim to an Active Directory group (group claim extraction)

Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)

Map an organization group claim to an ADAM attribute and value (group claim extraction)

Map an organization group claim to a resource group

Create a resource account in the resource partner forest

Configure resource account options

Enable enhanced identity privacy

Configure a claims transform module

Configure an account partner to use Windows trust

Configure a resource partner to use Windows trust

Distribute certificates to client computers using Group Policy

Configure client computers to trust the account federation server

Minimize

This topic has not yet been rated - Rate this topic

Map an organization group claim to an Active Directory group (group claim extraction)

Updated: September 13, 2007

Applies To: Windows Server 2003 R2

When you use Active Directory as the Active Directory Federation Services (ADFS) account store for an account Federation Service, you map an organization group claim to a security group in Active Directory. This mapping is called a group claim extraction.

Perform this procedure in the account Federation Service.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To map an organization group claim to an Active Directory group

Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Account Stores, right-click Active Directory, point to New, and then click Group Claim Extraction.
In the Create a New Group Claim Extraction dialog box, click Add, and then select the Active Directory security group that you want to map to a group claim.
In Map to this Organization Claim, select the group claim to map to the Active Directory security group, and then click OK.

See Also

Concepts

Map an organization group claim to an ADAM attribute and value (group claim extraction)
Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

© 2013 Microsoft

Manage Your Profile

|

Site Feedback

© 2013 Microsoft. All rights reserved.