Managing user accounts and groups in multiple forests
First Claim
1. A computer-implemented method, comprising:
- receiving an indication of a member added to a group, the group being included in a domain that is included in a first forest;
- determining whether the group is a cross-forest security group;
- determining whether a home forest of the added member is a forest that is trusted by the first forest;
- including the added member in a security proxy set associated with the domain if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be a trusted forest of the first forest;
- generating a security proxy object for the added member; and
- including the security proxy object in the domain.
Abstract
Methods, systems, and computer program products are provided for managing contact proxies and security proxies in networks that are organized as forests. For instance, contact proxies may be generated to represent user accounts and groups in forests other than the home forests of the user accounts and groups. Security proxy objects may be generated to represent group members (e.g., security principals and groups) in groups in forests other than the home forests of the group members. Furthermore, when both a contact object and a security proxy object exist for a member added to a group, one of the contact object or the security proxy object may be selected to represent the member in the group.
14 Claims
1. A computer-implemented method, comprising the steps recited under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer implemented method, comprising:
- receiving an indication of a member added to a group, the group being included in a domain that is included in a first forest;
- determining that the added member is associated with a previously generated security proxy object and a previously generated contact object;
- determining whether the group is a cross-forest security group;
- determining whether a home forest of the added member is a forest that is trusted by the first forest; and
- including the security proxy object as a member of the group if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be trusted by the first forest.
Dependent claims: 9, 10, 11, 12, 13, 14.
Specification