Application groups allow you an alternate way of assigning users to roles. An application group is a feature of
Windows® Authorization Manager (AzMan) where you can define a group of users without having to go through
your domain administrator to add a new group to Active Directory®.
1. Open the Application User Interface Authorization page.
2. Expand the Add tool bar button and click Add Application Group.
3. On the Group tab of the Authorizations: Application Group dialog, enter the following information:
• Name: Enter a name for the application group
• Description: Enter a brief description for the application group
Select one of the following methods which is to be used to define a group of users:
• Basic (default)
• LDAP Query
4. Open the Members tab and add the users and groups that are to be members of this application group.
• To add an application group, click the Add Application Group button and select an application
group from the Authorizations: Application Groups dialog.
• To add a user or group, click the Add User or Group button, which will display the Select Active
Directory Objects dialog. Use the Browse page or Search page to locate and select the user(s)
and/or group(s) to be added.
5. Optionally, open the Non-Members tab and add the users and groups that are to be excluded from this
application group.
• To add an application group, click the Add Application Group button and select an application
group from the Authorizations: Application Groups dialog.
• To add a user or group, click the Add User or Group button, which will display the Select Active
Directory Objects dialog. Use the Browse page or Search page to locate and select the user(s)
and/or group(s) to be added.
6. Click the OK button to save your new role definition and close the Authorizations: Role dialog.
7. When the selected member(s) now try to define Active Directory protection they will be restricted to
defining protection for the selected domain or organizational unit.