Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Access Management

Grouper - Pushing Groups to Active Directory

This article explains how to push Grouper groups to Active Directory.

  1. Login to Grouper UI
  2. Find desired group
  3. Click More Actions
  4. Select Admin UI
  5. Click on Edit group
  6. Check ADSync group type and then click Save
    • A small number of applications will need to use ADLocalSync instead of ADSync. Unless your application requires otherwise, only use ADSync.

Membership changes take about an hour to go from Grouper to Active Directory.

Memberships will be added to groups in the ou=ucgroups container within Active Directory. For example, the Grouper group "uc:personal:blair:test-group" would push to the Active Directory group "cn=uc:personal:blair:test-group,ou=ucgroups,dc=ad,dc=uchicago,dc=edu" if using ADSync and the Active Directory group "cn=uc:personal:blair:test-group,ou=ucgroups,dc=ad,dc=local" if using ADLocalSync.

Note: Groups with a cn value longer than 64 characters cannot be pushed to Active Directory.




Keywords:ucgroups, AD, ADlocalSync, ADSync, cn   Doc ID:44818
Owner:Blair C.Group:University of Chicago
Created:2014-11-12 07:28 CDTUpdated:2017-05-22 09:41 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  2   0