Managing user accounts and groups in multiple forests

US 7,953,896 B2
Filed: 05/27/2009
Issued: 05/31/2011
Est. Priority Date: 05/27/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving an indication of a member added to a group, the group being included in a domain that is included in a first forest;

determining whether the group is a cross-forest security group;

determining whether a home forest of the added member is a forest that is trusted by the first forest;

including the added member in a security proxy set associated with the domain if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be a trusted forest of the first forest;

generating a security proxy object for the added member; and

including the security proxy object in the domain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products are provided for managing contact proxies and security proxies in networks that are organized as forests. For instance, contact proxies may be generated to represent user accounts and groups in forests other than the home forests of the user accounts and groups. Security proxy objects may be generated to represent group members (e.g., security principals and groups) in groups in forests other than the home forests of the group members. Furthermore, when both a contact object and a security proxy object exist for a member added to a group, one of the contact object or the security proxy object may be selected to represent the member in the group.

44 Citations

View as Search Results

14 Claims

1. A computer-implemented method, comprising:
- receiving an indication of a member added to a group, the group being included in a domain that is included in a first forest;
  
  determining whether the group is a cross-forest security group;
  
  determining whether a home forest of the added member is a forest that is trusted by the first forest;
  
  including the added member in a security proxy set associated with the domain if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be a trusted forest of the first forest;
  
  generating a security proxy object for the added member; and
  
  including the security proxy object in the domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - including the security proxy object as a member of the group.
  - 3. The method of claim 1, further comprising:
    - determining whether the home forest of the added member is the first forest; and
      
      including the added member in the group if the home forest of the added member is determined to be the first forest.
  - 4. The method of claim 1, wherein the member is a group or a security principal.
  - 5. The method of claim 1, wherein said determining that the group is a cross-forest security group comprises:
    - determining that the group is a mail-enabled cross-forest security group.
  - 6. The method of claim 1, wherein said determining whether a home forest of the added member is a forest that is trusted by the first forest comprises:
    - transmitting a request to the first forest for an indication of one or more forests trusted by the first forest.
  - 7. The method of claim 1, wherein said including the security proxy object in the domain comprises:
    - transmitting to the first forest a group membership that includes the added member to request a security proxy object be generated and added to the domain.

8. A computer implemented method, comprising:
- receiving an indication of a member added to a group, the group being included in a domain that is included in a first forest;
  
  determining that the added member is associated with a previously generated security proxy object and a previously generated contact object;
  
  determining whether the group is a cross-forest security group;
  
  determining whether a home forest of the added member is a forest that is trusted by the first forest; and
  
  including the security proxy object as a member of the group if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be trusted by the first forest.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - including the contact object as a member of the group if the group is determined to not be a cross-forest security group.
  - 10. The method of claim 8, further comprising:
    - determining that the member is not to be included as a member of the group if the group is determined to be a cross-forest security group and the home forest of the added member is determined to not be trusted by the first forest.
  - 11. The method of claim 8, wherein the member is a group or a security principal.
  - 12. The method of claim 8, wherein said determining whether a home forest of the added member is a forest that is trusted by the first forest comprises:
    - transmitting a request to the first forest for an indication of one or more forests trusted by the first forest.
  - 13. The method of claim 8, wherein said including the security proxy object as a member of the group if the group is determined to be a cross-forest security group and the home forest of the added member is determined to be trusted by the first forest comprises:
    - transmitting to the first forest a group membership that includes the added member to request a security proxy object be generated and added to the domain.
  - 14. The method of claim 9, wherein said including the contact object as a member of the group if the group is determined to not be a cross-forest security group comprises:
    - transmitting the contact object to the first forest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ward, Robert D., Kjellman, Andreas B. G., Ganjeh, Nima
Primary Examiner(s)
WON, MICHAEL YOUNG

Application Number

US12/473,113
Publication Number

US 20100306376A1
Time in Patent Office

734 Days
Field of Search

709/221, 709/226, 709/249, 709/252
US Class Current

709/252
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

H04L 63/104 Grouping of entities

Managing user accounts and groups in multiple forests

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Managing user accounts and groups in multiple forests

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links