Hi All,
I got a case where I need to extract the memberOf attribute from Microsoft AD to use it as an authorization rule, but when I query the AD, this object has two memberOf's (shown as two rows, and every row has a different value).
When checked in AD, this object has multiple 'AD group' entries under the "memberOf" tab, which means it is a member of two so-called OUs.
I tried to alias these two memberOf's into separate rules, but only one shows up.
I don't know how or when this memberOf shows up in the query return, because, for example, if one object has only one memberOf or no memberOf, one object to another will have a different parameter ID for memberOf, right? (Or how is it exactly? I'm not an AD expert.)
When the endpoint authenticates, at the Input attributes @ Access Tracker, I can only see one of them.
So does anyone know how to query the exact memberOf we want?
PS: I am not in charge of the AD, and the customer's AD 99.9% won't change (or we can't change), so we need to find a way.
(Attached some screenshots)