AD Query after logon to select domain for AD Auth

Question

I am trying to figure out how to use the username provided on the Logon page to select the appropriate domain to AD Auth against. What I have done so far that fails is to use a branch rule per domain in my forest. Each branch rule performs an AD Query against a particular domain to determne if user is in a certain group...then forwards to AD Auth for that domain. My branch rules appear to do nothing however. Any ideas as to why this might be. In the logs I see the branch rules ENTER then LEAVE with no other logging information.

maurice_g_ · Answer

OKI got it worked out.&nbsp;See my policy below&nbsp;Access Policy: DDINet-Win7 (Endings: Allow, Deny [default])&nbsp;&nbsp;Start fallback Successful fallback Succeed&nbsp;Fail&nbsp;fallback&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Macro: AD-AUTH-ASIA (Terminals: Succeed [default], Fail) Use Count: 2&nbsp;&nbsp;&nbsp;Macro: AD-AUTH-AU (Terminals: Succeed [default], Fail) Use Count: 2&nbsp;&nbsp;&nbsp;Macro: AD-AUTH-UK (Terminals: Succeed [default], Fail) Use Count: 2&nbsp;&nbsp;&nbsp;Macro: AD-AUTH-US (Terminals: Succeed [default], Fail) Use Count: 2&nbsp;&nbsp;&nbsp;Macro: LDAP Query UPN (Terminals: Succeed [default], Fail) Use Count: 1&nbsp;&nbsp;In fallback WIN7-US Succeed Out&nbsp;Fail&nbsp;WIN7-UK Succeed Out&nbsp;Fail&nbsp;WIN7-ASIA Succeed Out&nbsp;Fail&nbsp;WIN7-AU Succeed Out&nbsp;Fail&nbsp;fallback WIN7-US Succeed Out&nbsp;Fail&nbsp;WIN7-UK Succeed Out&nbsp;Fail&nbsp;WIN7-ASIA Succeed Out&nbsp;Fail&nbsp;WIN7-AU Succeed Out&nbsp;Fail&nbsp;fallback&nbsp;&nbsp;&nbsp;Macro: US-Assign-Resources (Terminals: Out [default])&nbsp;&nbsp;&nbsp;&nbsp;

Forum Discussion

AD Query after logon to select domain for AD Auth

1 Reply

Recent Discussions

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

Related Content

Enriching AFM with public domain Threat Intelligence

Pool downtime query

Select pool member based on HTTP query string parameter

iRule Processing query

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query