Map an organization group claim to an ADAM attribute and value (group claim extraction)
Updated: September 13, 2007
Applies To: Windows Server 2003 R2
When you use Active Directory Application Mode (ADAM) as the Active Directory Federation Services (ADFS) account store for a Federation Service, an organization group claim maps to a Lightweight Directory Access Protocol (LDAP) attribute and value on the user account in ADAM. This mapping is called a group claim extraction. For example, suppose that the organization group claim Manager is mapped to the ADAM user account attribute memberOf and the value CN=ADAMTestGroup,CN=Users,DC=adatum,DC=com. If the ADAM user account of the logged-on user has the memberOf attribute and one of its values is CN=ADAMTestGroup,CN=Users,DC=adatum,DC=com, the organization group claim Manager is generated for that user. If the user account does not have the memberOf attribute, or has the attribute but not the value that is specified in the group claim extraction, the organization group claim is not generated.
To complete this procedure, you must be a member of the Administrators group on the local computer.
To map an organization group claim to an ADAM attribute and value
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Account Stores, right-click ADAM, point to New, and then click Group Claim Extraction.
In the Create a New Group Claim Extraction dialog box, in Attribute and Value, type the LDAP attribute and its value, respectively.
In Map to this Organization Claim, select the organization group claim to map to the ADAM attribute and value, and then click OK.
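As an added illustration that is not part of this page or of ADFS itself, the following Python script applies the rule described above to a constructed LDIF export of three ADAM user accounts: a group claim is generated only when the configured attribute is present on the account and carries the configured value, a multi-valued attribute such as memberOf matches if any one of its values is the configured one, and attribute names are compared case-insensitively as LDAP defines them. The user entries, the three extractions (the first is the Manager example from this page), and the exact-string comparison of the configured value are assumptions of the example; the page does not describe any looser matching of DN values, so type the value exactly as it is stored in ADAM.

```python
"""Group claim extraction rule for an ADAM account store, worked on constructed data."""
import base64
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupClaimExtraction:
    """One entry as created in the 'Create a New Group Claim Extraction' dialog box."""
    attribute: str  # LDAP attribute on the ADAM user account, for example memberOf
    value: str      # value the attribute must carry (compared as an exact string here)
    claim: str      # organization group claim generated when the value is present


def parse_ldif(text):
    """Parse a minimal LDIF export into {dn: {attribute_name_lowercase: [values]}}.

    Handles folded continuation lines (leading space) and base64 values ("attr:: ...").
    Attribute names are lower-cased because LDAP attribute type names are case-insensitive.
    """
    logical_lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical_lines:
            logical_lines[-1] += raw[1:]  # LDIF folding: drop the single leading space
        else:
            logical_lines.append(raw)

    entries, current = {}, None
    for line in logical_lines + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if current is not None:
                entries[current["dn"]] = dict(current["attrs"])
                current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            current = {"dn": value, "attrs": defaultdict(list)}
        elif current is not None:
            current["attrs"][name].append(value)
    return entries


def extract_group_claims(user_attrs, extractions):
    """Return the organization group claims generated for one user account.

    A claim is generated only if the configured attribute exists on the account AND
    one of its values equals the configured value; a missing attribute, or a present
    attribute without that value, yields no claim.
    """
    claims = set()
    for ex in extractions:
        values = user_attrs.get(ex.attribute.lower(), [])
        if any(v == ex.value for v in values):
            claims.add(ex.claim)
    return claims


# Constructed sample export (assumed data, not from a real directory). Alice's first
# memberOf value is folded over two lines and her displayName is base64-encoded, as
# an ldifde export can be.
SAMPLE_LDIF = """
dn: CN=Alice Adams,CN=Users,DC=adatum,DC=com
changetype: add
objectClass: user
cn: Alice Adams
displayName:: QWxpY2UgQWRhbXM=
memberOf: CN=ADAMTestGroup,CN=Users,
 DC=adatum,DC=com
memberOf: CN=Staff,CN=Users,DC=adatum,DC=com

dn: CN=Bob Brown,CN=Users,DC=adatum,DC=com
changetype: add
objectClass: user
cn: Bob Brown
memberOf: CN=Staff,CN=Users,DC=adatum,DC=com

dn: CN=Carol Chen,CN=Users,DC=adatum,DC=com
changetype: add
objectClass: user
cn: Carol Chen
department: Finance
"""

# Assumed extractions; the first is the page's Manager example.
EXTRACTIONS = (
    GroupClaimExtraction("memberOf", "CN=ADAMTestGroup,CN=Users,DC=adatum,DC=com", "Manager"),
    GroupClaimExtraction("memberOf", "CN=Staff,CN=Users,DC=adatum,DC=com", "Employee"),
    GroupClaimExtraction("department", "Finance", "FinanceUser"),
)

USERS = parse_ldif(SAMPLE_LDIF)


def claims_for(user_dn):
    """Claims that would be generated for the account with this DN (empty set if unknown)."""
    return extract_group_claims(USERS.get(user_dn, {}), EXTRACTIONS)


if __name__ == "__main__":
    for dn in USERS:
        print(dn, "->", sorted(claims_for(dn)) or "(no group claims)")
```

Running the script shows Alice receiving both Manager and Employee, Bob only Employee, and Carol only FinanceUser: Carol has no memberOf attribute at all, so neither memberOf extraction produces a claim for her, which is the case the last sentence of the introduction describes.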