Map an organization group claim to a resource group
Applies To: Windows Server 2003 R2
Organization group claims in the resource Federation Service can be mapped to resource groups, which reside in Active Directory, so that federated users who have the organization group claim are treated as members of that resource group. Therefore, you must create a security group (which is the resource group) in the resource partner forest that represents the users who have the organization group claim but do not have domain user accounts in the resource partner forest. After you create the organization group claim, map the claim to the resource group that you created in the resource partner forest.
Note
This procedure is not required if the resource partner forest trusts the account partner forest and the Windows trust option is selected in the Active Directory Federation Services snap-in in both the account Federation Service and the resource Federation Service.
Perform this procedure on a resource federation server.
Administrative credentials
To complete this procedure, you must be a member of the Administrators group on the local computer.
To map an organization group claim to a resource group
1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, and then click Organization Claims.
3. In the details pane, right-click the organization group claim that requires mapping to a local group, click Properties, and then click the Resource Group tab.
4. Select the Map this claim to the following local resource group check box, and then click the … button.
5. In Enter the object name to select, type the name of the resource group that you want to map to the group claim, and then click OK.
6. In the Group Claim Properties dialog box, click OK.