Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ACS Server Active directory hierarchical group mapping

Hi All,

I have two active directory security groups lets say Group1users and second Group2users. All the users belongs to these groups. Both of these groups are a member of another security group GroupUsers. If i map the acs group to GroupUsers, the users authentication puts the users into the default group. but if i use Group1users or Group2users into the mapping, they are placed into the right group. Is the hierarchical group supported into the acs? Any solution for this if its not supported.

Many Thanks

3 REPLIES

Re: Cisco ACS Server Active directory hierarchical group mapping

I am assuming you have ACS 4.x?

The group mappings are applied top to bottom as you look at the group mapping list. With this in mind, create mappings such that groupusers goes to one ACS group, groupusers1 to another, etc.

Keep in mind that you can only map a given AD group to a single ACS group, but multiple AD groups can point to a single ACS group.

New Member

Re: Cisco ACS Server Active directory hierarchical group mapping

Thanks Javier for reply. I have cisco ACS 3.3 and i understand group mapping but it seems acs server not supporting active directory nested groups.

Active directory structure

Group1: user1, user2

Group2: user3, user4

Group3: Group1, Group2

ACS server Groupe mapping and order

ACSGroup1: Active directory Group3

ACSGroup2: Active directory Group1

ACSGroup3: Active directory Group2

Users are not mapping to ACSGroup1 as its nested. The users maps properly to ACSGroup1 and ACSGroup2.

How i setup acs/active directory to understadn nested groups?

New Member

Re: Cisco ACS Server Active directory hierarchical group mapping

I have cisco ACS 3.3 which doesn't support hierarical group mapping in active directory.

thanks for your help

1394
Views
0
Helpful
3
Replies
CreatePlease to create content