Solved

Forefront UAG 2010 - Authorization: missing domain groups/members

Posted on 2011-02-14
7
1,170 Views
Last Modified: 2013-11-16
Hi,
 
I'm trying to configure specific application access based on a group of users but I cannot see most of my custom domain groups/users. The generic ones exists i.e. Domain Admins but I'm missing a whole chunk of security groups and users from our domain and I really can't see why they would be missing.

They're held in a custom OU where there's a few subfolders of OUs.

I've tried selecting the Show Users & Groups (include subfolders) option but that makes no difference apart from adding a blank named folder to the top level that I cannot navigate into.

There are some users in there that we created. Room Mailbox users for resource bookings etc. but I don't seem to be able to see any of the main users/groups we have set up.

Any ideas?

Thanks in advance.
0
Comment
Question by:itmtsn
  • 4
  • 3
7 Comments
 

Author Comment

by:itmtsn
ID: 34889336
Update: We've worked out that we can only see groups in the Users container in AD. If I add a group into the default Users Container then make the actual group I want to see a member of that group I can apply the rights I want.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34889437
I assume you are running UAG 2010 SP1?
Are you missing these additional AD groups on ALL UAG trunks you have created or just this one? If just this trunk, have you selected the same authentication server as previously?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34896402
Looks like I was typing a response to your initial post during which you posted your update.

Still would like confirmation that you have deployed both SP1 and at least rollup 1 for SP1 to the UAG box please.
http://blogs.technet.com/b/edgeaccessblog/archive/2010/10/21/announcing-forefront-uag-2010-service-pack-1.aspx

http://support.microsoft.com/kb/2475733

0
Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

 

Author Comment

by:itmtsn
ID: 34904509
It was my error. On the authentication server the wrong Base DN was set. It was looking straight at the Users container and not the top level domain.

Thanks for the suggestions. By going back and revisiting the authentication server I found the problem.
0
 

Author Comment

by:itmtsn
ID: 34904521
Sorry Keith. Yep it was running both SP1 and the update. With your suggestion it made me go back and look through the authentication settings as something seemed to be wrong. So thanks for the suggestion.
0
 

Author Closing Comment

by:itmtsn
ID: 34904526
Question answered. Found the fault
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34904890
Welcome and glad it's sorted
0

Featured Post

Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question