Link to home
Create AccountLog in
Avatar of itmtsn
itmtsn

asked on

Forefront UAG 2010 - Authorization: missing domain groups/members

Hi,
 
I'm trying to configure specific application access based on a group of users but I cannot see most of my custom domain groups/users. The generic ones exists i.e. Domain Admins but I'm missing a whole chunk of security groups and users from our domain and I really can't see why they would be missing.

They're held in a custom OU where there's a few subfolders of OUs.

I've tried selecting the Show Users & Groups (include subfolders) option but that makes no difference apart from adding a blank named folder to the top level that I cannot navigate into.

There are some users in there that we created. Room Mailbox users for resource bookings etc. but I don't seem to be able to see any of the main users/groups we have set up.

Any ideas?

Thanks in advance.
Avatar of itmtsn
itmtsn

ASKER

Update: We've worked out that we can only see groups in the Users container in AD. If I add a group into the default Users Container then make the actual group I want to see a member of that group I can apply the rights I want.
Avatar of Keith Alabaster
I assume you are running UAG 2010 SP1?
Are you missing these additional AD groups on ALL UAG trunks you have created or just this one? If just this trunk, have you selected the same authentication server as previously?
ASKER CERTIFIED SOLUTION
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of itmtsn

ASKER

It was my error. On the authentication server the wrong Base DN was set. It was looking straight at the Users container and not the top level domain.

Thanks for the suggestions. By going back and revisiting the authentication server I found the problem.
Avatar of itmtsn

ASKER

Sorry Keith. Yep it was running both SP1 and the update. With your suggestion it made me go back and look through the authentication settings as something seemed to be wrong. So thanks for the suggestion.
Avatar of itmtsn

ASKER

Question answered. Found the fault
Welcome and glad it's sorted