Article ID: 2745465
Consider the following scenario:
In this scenario, application access through the Forefront UAG server is unsuccessful.
When Forefront UAG 2010 looks up the user's primary group by using Active Directory Service Interfaces (ADSI), the lookup is unsuccessful when Forefront UAG is not part of the domain. When a Lightweight Directory Access Protocol (LDAP) repository is used for authentication, the LDAP search response for the MemberOf attribute does not include the user's primary group.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2710791 (http://support.microsoft.com/kb/2710791/) Description of Service Pack 2 for Forefront Unified Access Gateway 2010
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about the need to query groups to give users access that is based on group membership, click the following article number to view the article in the Microsoft Knowledge Base:
275523 (http://support.microsoft.com/kb/275523/) Setting Primary Group excludes the user from the group membership in Active Directory
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates