Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 423 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to identify AD-imported groups in SFOS?

LHerzog

Is it somehow possible to identify which groups in SFOS have their source in Active Directory?

To me local and AD groups all look the same on SFOS. Even after export of them as entities.tar.

That makes managing larger environments with local groups and groups imported from AD unnecessarily complicated.



This thread was automatically locked due to age.
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, one way from GUI, is to go to Authentication > Users > click on the filter of the username and filter '@' and hit apply.

    You'll get a list of all the AD users. But for Groups LuCar is right !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    just wanted to get AD groups, not users. but thanks!

    so SFOS tries to query all local groups against AD and if that does not work, it remains just a local group?

    normally other systems I use make it transparent what are LDAP groups and what are local ones.

    Just find that strange.

  • 0 in reply to LHerzog

    Essentially we are not sending groups to the AD. We are looking up users. AD will give us the result of all AD groups. And we match those results against the Groups on the firewall. The advantage is, we can move groups and objects between all facilities without locking it. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to LHerzog

    Essentially we are not sending groups to the AD. We are looking up users. AD will give us the result of all AD groups. And we match those results against the Groups on the firewall. The advantage is, we can move groups and objects between all facilities without locking it. 

    __________________________________________________________________________________________________________________

Children
No Data
Unfiltered HTML