题
I want my ADFS 2012 R2 to send group-membership from a specific location in Active Directory, how can I do this?
I tried "Send LDAP attributes as claims", Token-Groups - Unqualified Names => Group, but that gives me every group the user is a member of. I only want the groups located in a certain path in AD (for example org/department/applications/demoapplication)
解决方案
OOTB, you can't do this.
However, you can write your own custom attribute store where you can access AD directly using the .NET AD API's and get the group memberships you want.
Also, refer How to create a Custom Attribute Store for Active Directory Federation Services 3.0.
https://stackoverflow.com/questions/22655763
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian