Active Directory supports multiple types of groups. When configured to use Active Directory as an identity source, Authentication Manager supports only Universal groups.
When you select an Active Directory group for access on a restricted agent, make sure that you select a Universal group. If you use any other type of Active Directory group, the user may not be able to authenticate. When you view the Active Directory groups from the Security Console, the Security Console displays all groups, regardless of type.
The Security Console cannot display a user’s primary Active Directory user group, such as Domain Users. The group appears empty even though it has members.
We want your feedback! Tell us what you think of this page.