Dynamic group membership to work around no nested security group support for Active Directory

Posted by Bernie White on Server Fault
Published on 2012-10-01T22:55:34Z Indexed on 2012/10/02 3:41 UTC


My problem is that I have a number of network administration applications like SAN switches that do not support nested groups from Active Directory Domain Services (AD DS). These legacy administration applications use either LDAP or LDAPS.

I am fairly sure I can use Active Directory Lightweight Directory Services (AD LDS) and possibly Windows Authorization Manager to work around this issue; however, I am not really sure where to start.

I want to end up with:

  • A single group that can be queried over LDAP/LDAPS for all its direct members
  • LDAP proxy for user name and password credentials to AD DS
  • Easy way to admin the group; ideally the group would aggregate the nested membership in AD DS.
  • A native solution using freely available components from the Windows stack.

If you have any suggestions or solutions that you have previously used to solve this issue please let me know.

© Server Fault or respective owner
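One native way to get the flat group the question asks for is to keep a "shadow" security group in AD DS itself, whose direct members are the transitively resolved users of the nested group, and refresh it on a schedule. The legacy SAN and network tools then bind to AD DS over LDAPS as they do today and read the shadow group's `member` attribute, so no separate LDAP proxy or AD LDS instance is needed. The script below is an added example and is not code from the poster or from Server Fault; the group names `SAN-Admins` and `SAN-Admins-Flat` are assumptions, and it expects the ActiveDirectory PowerShell module (RSAT) and an account that has write permission on the shadow group's `member` attribute.

```powershell
#Requires -Modules ActiveDirectory
<#
  Flatten the transitive membership of a nested AD DS group into a shadow
  group whose *direct* members are the resolved user objects, so that
  LDAP/LDAPS clients that cannot expand nested groups can authorize against
  the shadow group. Intended to run from Task Scheduler as a low-privilege
  account that can only modify the shadow group's member attribute.
  Group names are assumptions, not taken from the original post.
#>
param(
    [string]$SourceGroup = 'SAN-Admins',       # nested group admins maintain (assumed name)
    [string]$ShadowGroup = 'SAN-Admins-Flat',  # flat group read by the legacy apps (assumed name)
    [switch]$WhatIf
)

Import-Module ActiveDirectory -ErrorAction Stop

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping for a value embedded in an LDAP search filter, so a
    # distinguished name containing ( ) * or \ cannot change the filter's meaning.
    param([Parameter(Mandatory)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'     { [void]$sb.Append('\5c') }
            '*'     { [void]$sb.Append('\2a') }
            '('     { [void]$sb.Append('\28') }
            ')'     { [void]$sb.Append('\29') }
            "`0"    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

$source = Get-ADGroup -Identity $SourceGroup -ErrorAction Stop
$shadow = Get-ADGroup -Identity $ShadowGroup -Properties member -ErrorAction Stop

# Transitive expansion is done server-side by the LDAP_MATCHING_RULE_IN_CHAIN
# matching rule (OID 1.2.840.113556.1.4.1941). Only user objects are kept so
# the flat group never contains a group the legacy application cannot expand.
$sourceDn = ConvertTo-LdapFilterValue -Value $source.DistinguishedName
$filter   = "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$sourceDn))"
$wanted   = @(Get-ADUser -LDAPFilter $filter | Select-Object -ExpandProperty DistinguishedName)

# Current direct members of the shadow group as distinguished names.
$current = @($shadow.member)

$toAdd    = @($wanted  | Where-Object { $_ -notin $current })
$toRemove = @($current | Where-Object { $_ -notin $wanted  })

# Safety check: a transient directory error that returns zero users must not
# strip every administrator out of the shadow group.
if ($wanted.Count -eq 0 -and $current.Count -gt 0) {
    throw "Source group '$SourceGroup' resolved to zero users; refusing to empty '$ShadowGroup'."
}

if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $shadow -Members $toAdd -WhatIf:$WhatIf
}
if ($toRemove.Count -gt 0) {
    Remove-ADGroupMember -Identity $shadow -Members $toRemove -Confirm:$false -WhatIf:$WhatIf
}

Write-Output ("{0}: +{1} / -{2} (now {3} direct members)" -f $ShadowGroup, $toAdd.Count, $toRemove.Count, $wanted.Count)
```

Run it once with `-WhatIf` to see the adds and removes before letting the scheduled task change anything. The matching-rule filter is used instead of `Get-ADGroupMember -Recursive` because the latter goes through Active Directory Web Services, which by default stops at 5000 members. Two caveats a practitioner should weigh: the flat group lags the nested group by the sync interval, so an administrator removed from the source group keeps access to the SAN switches until the next run (pick the interval accordingly, or trigger the script from a change to the source group); and the scheduled task's account needs only write access to the shadow group's `member` attribute, not broader rights, which keeps a compromised task host from escalating elsewhere in the directory.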
