This is the scenario on AD Domain:
User1 is member of Group-1
User2 is member of Group-2
Administrator is member of Group-1 and Group-2
In Microsoft IAS I currently have two policies:
Policy-1: members of Group-1 receive an acl to have access to Server-1 (priority 1)
Policy-2: members of Group-2 receive an acl to have access to Server-2 (priority 2)
Everything works fine with User1 and User2; the problem is that when Administrator logs in, he matches Policy-1, and so he has no access to Server-2.
I found a solution:
Creating a group Group-Administrator
Creating a Policy-0: members of Group-Administrator have access to Server-1 and Server-2
But the side effect, in the real world, is that you are obliged to create a group for every user and a policy for every group, and I have 500+ users to manage (I need to move them from local users on the firewall to Active Directory).
The above is just an example. I'm trying to understand how to manage VPN access with groups on IAS without creating one group for every user and as many policies as users, and I can't find a way to do that. Any help would be very appreciated.
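The behaviour described in the post, as an added example that is not part of the original post: a small Python model of ordered, first-match policy evaluation that finds users whose matched ACL is narrower than the union of their groups, and counts how many distinct multi-server combinations would need a dedicated group and policy like Policy-0. Group, policy and server names come from the post; the function names and data layout are assumptions, and the model does not talk to IAS.

```python
# Model of ordered, first-match policy evaluation (constructed data, not IAS output).
from collections import Counter

# (policy name, group the user must be in, servers the returned ACL allows), in priority order
POLICIES = [
    ("Policy-1", "Group-1", {"Server-1"}),
    ("Policy-2", "Group-2", {"Server-2"}),
]
# The workaround from the post: a dedicated group evaluated before the others.
WORKAROUND = [("Policy-0", "Group-Administrator", {"Server-1", "Server-2"})] + POLICIES

MEMBERSHIP = {
    "User1": {"Group-1"},
    "User2": {"Group-2"},
    "Administrator": {"Group-1", "Group-2"},
}

def evaluate(user_groups, policies):
    """Return (name, acl) of the first matching policy; later matches are never reached."""
    for name, group, acl in policies:
        if group in user_groups:
            return name, acl
    return None

def intended_access(user_groups, policies):
    """Union of the ACLs of every policy the user matches (what the admin expects)."""
    servers = set()
    for _, group, acl in policies:
        if group in user_groups:
            servers |= acl
    return servers

def shadowed_users(membership, policies):
    """Map each user who loses access under first-match to the servers they lose."""
    lost = {}
    for user, groups in membership.items():
        hit = evaluate(groups, policies)
        got = hit[1] if hit else set()
        missing = intended_access(groups, policies) - got
        if missing:
            lost[user] = sorted(missing)
    return lost

def combined_policies_needed(membership, policies):
    """Distinct multi-server access sets and their user counts: one group per set, not per user."""
    sets = Counter(frozenset(intended_access(g, policies)) for g in membership.values())
    return {tuple(sorted(s)): n for s, n in sets.items() if len(s) > 1}

if __name__ == "__main__":
    print(shadowed_users(MEMBERSHIP, POLICIES))
    print(combined_policies_needed(MEMBERSHIP, POLICIES))
```

Run against an export of real group memberships, `shadowed_users` lists the accounts that need attention before migration, and `combined_policies_needed` shows the number of combined groups depends on distinct access combinations rather than on user count.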