Users in multiple AD groups

fermendo
Level 1

Hi all,

I have this scenario, hope you can help.

Users in AD may be members of several groups. I need to create an access policy for users that belong to two groups. For example, if a user belongs to \Internet AND \Privilege then one policy needs to be applied. But if the user only belongs to \Internet then the Global Policy should apply. Also, if the user ONLY belongs to \Privilege the Global Policy should be applied. Is there a way to do this?

Also I have a couple of questions:

- If a user is a member of several groups, which one is matched when assigning to an access policy?

- If I have a cluster of S360, all appliances must be joined to the domain. Is there a problem with all the appliances trying to create the wsa$ account?

Thanks a lot!!!

2 Accepted Solutions

mart.pirita
Level 1

As far as I know, you can't use multiple AD groups as one identity.

And the higher policy matches first.

jowolfer
Level 1

All group membership is based on OR not AND, so you are correct that there is no way to do this.

Ok, thought so, thanks a lot!!!

pfalgowski
Level 1

Hi all.

I would appreciate it if someone could tell me whether anything has changed in this matter in the new versions of AsyncOS.

Is it possible to achieve such a scenario now?


Regards,

Peter Falgowski
