Map an Organization Group Claim to a Resource Group

Updated: January 31, 2008

Applies To: Windows Server 2008

Organization group claims in the resource Federation Service can be mapped to resource groups, which reside in Active Directory Domain Services (AD DS), so that federated users who have the organization group claim are treated as members of that resource group. Therefore, you must create a security group (which is the resource group) in the resource partner forest that represents the users who have the organization group claim but do not have domain user accounts in the resource partner forest. After you create the organization group claim, map the claim to the resource group that you created in the resource partner forest.

noteNote
This procedure is not required if the resource partner forest trusts the account partner forest and the Windows trust option is selected in the Active Directory Federation Services snap-in in both the account Federation Service and the resource Federation Service.

Perform this procedure on a resource federation server.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, and then click Organization Claims.

  3. In the details pane, right-click the organization group claim that requires mapping to a local group, click Properties, and then click the Resource Group tab.

  4. Select the Map this claim to the following local resource group check box, and then click the button.

  5. In Enter the object name to select, type the name of the resource group that you want to map to the group claim, and then click OK.

  6. In the Group Claim Properties dialog box, click OK.

Community Additions

ADD
Show: