Maps Active Directory groups against roles and functions. Used by advanced single-sign on.
The contents of this table are not deployed.
You can use this command line to list all groups in a domain:
net groups /domain
The name of the AD group to map. Must match the actual group's name. Case insensitive.
Should not be prefixed with the domain name, that is, use GROUP, not DOMAIN\GROUP.
The same group may occur multiple times if you need to assign both role and functions to its members.
Role to give members of this group. If a user belongs to multiple groups the one with the lowest sort order is used.
A user must always be assigned at least one role to be able to log in, even if you also use functions.
Function to assign members of this group.
Any previous function mappings are deleted each time a user logs in.
Must be non-NULL when RoleId is non-NULL, and NULL when RoleId IS NULL.