Extension data for Active Directory groups
Enter the custom Active Directory schema extensions for the group.
Table 48: Extension data
| Attribute extension 01 - attribute extension 15 | Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. | 
 
    POSIX properties for Active Directory groups
The following additional properties are mapped for groups with the POSIXGROUP object class.
Table 49: POSIX properties
| GID number | Group ID in the domain. | 
 
    Validity of group memberships
There are different assignments to groups possible depending on the construction of the domain structure and the domain trusts. You can find more exact information about permitted group memberships in the documentation for your Windows Server.
Ensure the following if you want to map group memberships using forests:
In the following tables, the groups, user accounts, contacts, and computers permitted in One Identity Manager listed in groups.
Legend for the tables:
- 
G = Global 
- 
U = Universal 
- 
L = Local 
Table 50: Group memberships permitted within a domain
| Distribution | Global | x |  |  | x |  |  | x | x | x | 
| Universal | x | x |  | x | x |  | x | x | x | 
| Local | x | x | x | x | x | x | x | x | x | 
| Security | Global | x |  |  | x |  |  | x | x | x | 
| Universal | x | x |  | x | x |  | x | x | x | 
| Local | x | x | x | x | x | x | x | x | x | 
Table 51: Group memberships permitted within a hierarchical domain structure
| Distribution | Global |  |  |  |  |  |  |  | x |  | 
| Universal | x | x |  | x | x |  | x | x | x | 
| Local | x | x |  | x | x |  | x | x | x | 
| Security | Global |  |  |  |  |  |  |  |  |  | 
| Universal | x | x |  | x | x |  | x | x | x | 
| Local | x | x |  | x | x |  | x | x | x | 
Table 52: Group memberships permitted within a forest
| Distribution | Global |  |  |  |  |  |  |  |  |  | 
| Universal |  |  |  |  |  |  |  |  |  | 
| Local | x | x |  | x | x |  | x |  | x | 
| Security | Global |  |  |  |  |  |  |  |  |  | 
| Universal |  |  |  |  |  |  |  |  |  | 
| Local | x | x |  | x | x |  | x |  | x | 
Table 53: Group memberships permitted between forests
| Distribution | Global |  |  |  |  |  |  |  |  |  | 
| Universal |  |  |  |  |  |  |  |  |  | 
| Local | x | x |  | x | x |  | x |  | x | 
| Security | Global |  |  |  |  |  |  |  |  |  | 
| Universal |  |  |  |  |  |  |  |  |  | 
| Local | x | x |  | x | x |  | x |  | x | 
 
    Adding Active Directory groups to Active Directory groups
Use this task to add a group to another group. This means that the groups can be hierarchically structured.
To assign groups directly to a group as members
- 
In the Manager, select the Active Directory > Groups category. 
- 
Select the group in the result list. 
- 
Select the Assign groups category. 
- 
Select the Has members tab. 
- 
Assign child groups in Add assignments. 
TIP: In the Remove assignments pane, you can remove the assignment of groups. To remove an assignment 
 
- Save the changes. 
To add a group as a member of other groups
- 
In the Manager, select the Active Directory > Groups category. 
- 
Select the group in the result list. 
- 
Select the Assign groups task. 
- 
Select the Is member of tab. 
- 
In the Add assignments pane, assign parent groups. 
TIP: In the Remove assignments pane, you can remove the assignment of groups. To remove an assignment 
 
- Save the changes.