Cisco ACS Server Active Directory hierarchical group mapping

Unanswered Question
Apr 6th, 2010

Hi All,

I have two Active Directory security groups, let's say Group1users and Group2users. All the users belong to these groups. Both of these groups are members of another security group, GroupUsers. If I map the ACS group to GroupUsers, authentication puts the users into the default group, but if I use Group1users or Group2users in the mapping, they are placed into the right group. Are hierarchical groups supported in ACS? Is there any solution for this if it's not supported?

Many Thanks

Javier Henderson (Cisco Employee) Tue, 04/06/2010 - 10:27

I am assuming you have ACS 4.x?

The group mappings are applied top to bottom as you look at the group mapping list. With this in mind, create mappings such that groupusers goes to one ACS group, groupusers1 to another, etc.

Keep in mind that you can only map a given AD group to a single ACS group, but multiple AD groups can point to a single ACS group.

mrbzumrbzu Wed, 04/07/2010 - 01:52

Thanks, Javier, for the reply. I have Cisco ACS 3.3 and I understand group mapping, but it seems the ACS server does not support Active Directory nested groups.

Active Directory structure

Group1: user1, user2

Group2: user3, user4

Group3: Group1, Group2

ACS server group mapping and order

ACSGroup1: Active directory Group3

ACSGroup2: Active directory Group1

ACSGroup3: Active directory Group2

Users are not mapping to ACSGroup1 as it's nested. The users map properly to ACSGroup1 and ACSGroup2.

How do I set up ACS/Active Directory to understand nested groups?

mrbzumrbzu Mon, 04/12/2010 - 03:55

I have Cisco ACS 3.3, which doesn't support hierarchical group mapping in Active Directory.

Thanks for your help.
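The behaviour reported in this thread, modelled as an added Python example (not code from any poster and not Cisco ACS's own logic): it applies the thread's mapping order to the thread's AD layout, once with direct-only membership and once with nested groups resolved, and lists the users whose resulting ACS group differs. Assumptions: the first matching mapping wins, the fallback group is called `Default Group`, and all function names are hypothetical.

```python
from collections import deque

# AD structure from the thread: group -> direct members (users or groups).
AD_GROUPS = {
    "Group1": {"user1", "user2"},
    "Group2": {"user3", "user4"},
    "Group3": {"Group1", "Group2"},
}
# Mapping order from the thread: (AD group, ACS group), read top to bottom.
MAPPINGS = [("Group3", "ACSGroup1"), ("Group1", "ACSGroup2"), ("Group2", "ACSGroup3")]
DEFAULT_ACS_GROUP = "Default Group"  # assumed name for the fallback group


def direct_groups(principal, groups=AD_GROUPS):
    """Groups that list the principal as an immediate member (no nesting)."""
    return {g for g, members in groups.items() if principal in members}


def transitive_groups(user, groups=AD_GROUPS):
    """Direct groups plus every group reached through nesting (cycle-safe)."""
    seen, queue = set(), deque(direct_groups(user, groups))
    while queue:
        group = queue.popleft()
        if group not in seen:
            seen.add(group)
            queue.extend(direct_groups(group, groups))
    return seen


def map_user(user, resolve, mappings=MAPPINGS):
    """ACS group of the first mapping whose AD group the user holds (assumed rule)."""
    held = resolve(user)
    for ad_group, acs_group in mappings:
        if ad_group in held:
            return acs_group
    return DEFAULT_ACS_GROUP


def mapping_drift(users, mappings=MAPPINGS):
    """Users whose ACS group changes once nested membership is resolved."""
    drift = {}
    for user in users:
        flat = map_user(user, direct_groups, mappings)
        nested = map_user(user, transitive_groups, mappings)
        if flat != nested:
            drift[user] = (flat, nested)
    return drift
```

Running `mapping_drift` over an account list before changing how membership is resolved shows which users would change authorization group.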

