ADFS Group membership Claim

Sukhwinder Singh 41 Reputation points
2020-05-21T09:16:01.79+00:00

Hi All,

We have ADFS 3.0 and a relying party trust for which we send the user's group membership as a claim. The rule details are provided below, and it works fine for users of our test domain.
Now we have certain users who are part of a trusted domain and have been added to some local groups in our domain. We have checked the claim, but not all group memberships for those users are coming through. Only the group memberships from the user's domain are reflected, but not those from the trusted domain.
Is there a way to achieve this?

Rule:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("groups"), query = ";memberOf;{0}", param = c.Value);


1 answer

Vahid Ghafarpour 18,210 Reputation points
2023-08-27T06:06:10.8866667+00:00

The rule you've provided is used to add group membership claims to users based on the http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname claim. This rule queries Active Directory for the groups a user is a member of and adds those groups as claims.

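A diagnostic that a practitioner would want before changing the claim rule is to see, for one of the affected users, what the `memberOf` attribute on the user object actually contains versus the group membership evaluated in the resource (ADFS) domain. The claim rule in the question reads `memberOf` from the user object, and that attribute lives in the user's own domain; membership in domain-local groups of another domain is recorded on the group side (via a foreign security principal), so it is worth confirming whether that is what the claim is missing. The script below is an added example, not code from the original post or from either poster. It assumes the ActiveDirectory RSAT module is available, and the account name, domain controllers and partition DN are hypothetical placeholders to be replaced with your own.

```powershell
# Added example (not from the original post). Compares the memberOf attribute
# on a foreign user object with the group membership as seen from the
# resource domain, which is where the ADFS farm and its domain-local groups live.
#
# Assumptions (hypothetical names, replace with your own):
#   - user account lives in the trusted domain  users.example
#   - ADFS and the local groups live in the resource domain  corp.example
#   - the ActiveDirectory RSAT module is installed where this runs
$userSam            = 'jdoe'
$userDomainDc       = 'dc01.users.example'
$resourceDc         = 'dc01.corp.example'
$resourcePartition  = 'DC=corp,DC=example'

Import-Module ActiveDirectory

# 1. The memberOf attribute on the user object in the user's own domain.
#    This is the attribute the claim rule's ";memberOf;{0}" query reads.
$userObj = Get-ADUser -Identity $userSam -Server $userDomainDc -Properties memberOf
$memberOfGroups = @($userObj.memberOf | Sort-Object)

Write-Host "memberOf on the user object ($userDomainDc):"
$memberOfGroups | ForEach-Object { Write-Host "  $_" }

# 2. Group membership evaluated in the resource domain context.
#    -ResourceContextServer / -ResourceContextPartition tell the cmdlet to
#    resolve membership in corp.example for a principal that lives elsewhere,
#    which is how domain-local groups containing a foreign user are found.
$resourceGroups = @(
    Get-ADPrincipalGroupMembership -Identity $userObj -Server $userDomainDc `
        -ResourceContextServer $resourceDc `
        -ResourceContextPartition $resourcePartition |
    Sort-Object DistinguishedName
)

Write-Host "`nGroup membership in the resource domain context ($resourceDc):"
$resourceGroups | ForEach-Object {
    Write-Host ("  {0,-12} {1}" -f $_.GroupScope, $_.DistinguishedName)
}

# 3. Groups visible in the resource-domain view but absent from memberOf.
#    Anything listed here will not appear in a claim built from memberOf alone.
$missing = $resourceGroups |
    Where-Object { $memberOfGroups -notcontains $_.DistinguishedName }

Write-Host "`nGroups present in the resource domain view but not in memberOf:"
if ($missing) {
    $missing | ForEach-Object { Write-Host "  $($_.DistinguishedName)" }
} else {
    Write-Host "  (none)"
}
```

Run it from a machine joined to the resource domain with credentials that can read both directories. If step 3 lists the local groups from the question, the gap is in what `memberOf` exposes for that user object rather than in the relying party trust itself, and that is the attribute to stop relying on for cross-domain groups.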