I have a client who does not want to have to manage two user/groups directories (AD/OD). We set it up so they could bring the AD users in and put them in groups on the OSX server, since they wanted group management but AD auth and home directories. Works great, except they don't want to have to drag the users into the proper WGM groups.
So I was thinking, could I use a field in AD (let's say 100 = group

Then map that field to the UID in the AD plug-in in Directory Access. So every time someone in GroupB logs in, their UID is 100. Then all they would have to do is create a user on the OD side with a UID of 100 and manage by user. But it would really be by group.
Would this work? I don't see why not, and this would prevent them from having to bring over all the users and adding users in two places. Of course this would be a problem if a user was in two groups... But I can't think of any other problems, can you?
Thanks!