Hi Giacomo,
do you know what format it needs to be in for this work?
Then maybe someone would have a suggestion as to how to get the data you need.
cheers,
Vadim
Hi Vadim,
if I try to use your UDA passing the userLoginName as
c:0+.w|s-1-5-21-823518204-220523388-725345543-32842
(that's the objectSid of my group plus a claim prefix), it will insert the correct group, so my question is: how to get the objectSid of an AD Group?
If I can get it, I can build a string with the prefix and the objectSid and pass it to the webservice.
Giacomo
Hi,
I've found a solution to my problem:
If I need to add an AD Group with claim, I add the Group using a webservice, without using the claim name of the Group, then calling method GetUserInfo from usergroup.asmx I can have some information about the group, including his SID.
Once I have the Xml, using an Xpath Query I'll get the value of the SID, so I can remove the previously added group and re-add it using the claim token.
Giacomo
Hi Giacomo,
that's great. I'm glad you found a way to get this to work and thanks for sharing it. I'm sure others will come across this, and this will be very helpful to them.
cheers,
Vadim
Hi,
You said that you added the AD group using a webservice without using the Claim name of the Group.
I assume you used the method: AddUserToGroup from usergroup.asmx?
I'm not familiar with claims yet, but should one use the claim name of the group you're adding to as well as the claim name of the AD group you want to add?
After adding the AD group you called the method GetUserInfo from usergroup.asmx.
What did you put as userLoginName for this method? Did you put 'domainloginname' of the AD group?
I hope you can remember this one and help me out.
Alice
Hi Alice,
the first time when I add it, I put it in as domainloginname then I remove it and add it again with the claim name with SID (from the first AddUserToGroup I extract the sid of the group using a Query XML action and extracting /defaultNS:GetUserInfo/defaultNS:User/@Sid)
Giacomo