06-02-2017 07:03 AM
I want to create an enforcement policy rule for machine authentication which only permits computer accounts that are members of a certain AD-group. Does the policy rule use "memberof" or "UserDN" ?
Solved! Go to Solution.
06-02-2017 08:25 AM
I need more help.
Using memberOf with machine accounts is not working for me. However using memberOf for user accounts works perfectly.
Is filtering machine accounts based on AD group supported?
Is this syntax correct...
"Authorization:AD-Name:memberOf CONTAINS ad-group-name"
06-02-2017 11:04 AM
06-02-2017 02:05 PM
Thank-you for doing this testing. I found it works when I add a "Machine memberOf" filter under my AD source as shown below.
Only then does it provide the machine account information as shown below:
If you don't need this added filter then I will explore further.
06-02-2017 02:14 PM