Map an Organization Group Claim to an AD DS Group (Group Claim Extraction)

Applies To: Windows Server 2008

When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS) account store for an account Federation Service, you map an organization group claim to a security group in AD DS. This mapping is called a group claim extraction.

Perform this procedure in the account Federation Service.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To map an organization group claim to an AD DS group

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Account Stores, right-click Active Directory, point to New, and then click Group Claim Extraction.

  3. In the Create a New Group Claim Extraction dialog box, click Add, and then select the AD DS security group that you want to map to a group claim.

  4. In Map to this Organization Claim, select the group claim to map to the AD DS security group, and then click OK.
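Because the security group selected in step 3 decides which users are associated with the organization group claim, it is worth reviewing that group's effective membership before you create the mapping. The following Windows PowerShell function is an added example, not part of the original procedure, that lists the direct and nested user members of a group in the current domain. It assumes Windows PowerShell 2.0 or later on a domain-joined computer; the function name `Get-EffectiveGroupMember` and the group distinguished name in the usage comment are hypothetical placeholders.

```powershell
# Added example: review who holds the AD DS security group (directly or through
# nested groups) before mapping it to an organization group claim.
function Get-EffectiveGroupMember {
    param([string]$GroupDN)

    # Escape characters that are special in an LDAP filter value (RFC 4515).
    # The backslash must be handled first so later escapes are not re-escaped.
    $escaped = $GroupDN
    foreach ($pair in @(@('\', '\5c'), @('*', '\2a'), @('(', '\28'), @(')', '\29'))) {
        $escaped = $escaped.Replace($pair[0], $pair[1])
    }

    # With no SearchRoot set, the searcher queries the current domain only.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: it follows
    # memberOf transitively, so members of nested groups are returned too.
    # Users who hold the group only as their primary group are not listed in
    # memberOf and will not appear in this result.
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                       "(memberOf:1.2.840.113556.1.4.1941:=$escaped))"
    $searcher.PageSize = 500   # page results so large groups are not truncated
    foreach ($p in 'sAMAccountName', 'distinguishedName', 'userAccountControl') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $uac = [int]$r.Properties['useraccountcontrol'][0]
            New-Object PSObject -Property @{
                Account = $r.Properties['samaccountname'][0]
                # Bit 0x2 of userAccountControl is ACCOUNTDISABLE.
                Enabled = (($uac -band 2) -eq 0)
                DN      = $r.Properties['distinguishedname'][0]
            } | Select-Object Account, Enabled, DN
        }
    }
    finally {
        $results.Dispose()     # release the unmanaged search handle
    }
}

# Usage (constructed placeholder DN; replace with the group chosen in step 3):
# Get-EffectiveGroupMember 'CN=ExampleClaimGroup,OU=Groups,DC=example,DC=com' |
#     Sort-Object Account | Format-Table -AutoSize
```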

Additional references

Map an Organization Custom Claim to an AD DS or AD LDS User Attribute (Custom Claim Extraction)

Map an Organization Group Claim to an AD LDS Attribute and Value (Group Claim Extraction)

Map an Organization Group Claim to a Resource Group