Push Groups to Active Directory


In a few simple steps, you can push Grouper groups to Active Directory (AD).

  1. Log in to Grouper (grouper.uchicago.edu/ui).
  2. Find the desired group.
  3. From the More Actions drop-down list, select Sync Group To.
  4. Choose AD as the target system in the "Target System" drop-down list.
  5. Select Submit.
    • A small number of applications will need to use ADLOCAL as the target instead of AD. Unless your application requires otherwise, only use AD.

Membership changes take about an hour to go from Grouper to Active Directory. Larger updates (e.g., adding a new group with many members) may take longer.

Memberships will be added to groups in the ou=ucgroups container within Active Directory. For example, the Grouper group "uc:personal:blair:test-group" would push to the Active Directory group "cn=uc:personal:blair:test-group,ou=ucgroups,dc=ad,dc=uchicago,dc=edu" if using AD and the Active Directory group "cn=uc:personal:blair:test-group,ou=ucgroups,dc=ad,dc=local" if using ADLOCAL.

Note #1: Groups with an ID Path longer than 64 characters cannot be pushed to Active Directory.

Note #2: The group ID Path will be converted to lowercase characters before synchronizing to AD/ADLOCAL. For example: "uc:personal:Blair:TEST-GROUP" in Grouper would become "cn=uc:personal:blair:test-group,ou=ucgroups,dc=ad,dc=uchicago,dc=edu" in AD.
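
The naming rules above (the ou=ucgroups container, the 64-character limit in Note #1 and the lowercasing in Note #2) can be checked before submitting a sync request. The following Python script is an added example, not Grouper code or part of the original page. Its function names are hypothetical, and it additionally flags ID Paths in the same batch that differ only by case, since the lowercasing rule maps them to the same AD name.

```python
# Added example (not Grouper code): predict the AD DN for Grouper ID Paths
# from the rules stated on this page. Function names are hypothetical.
BASE_DN = {  # base DNs as shown in the page's examples
    "AD": "ou=ucgroups,dc=ad,dc=uchicago,dc=edu",
    "ADLOCAL": "ou=ucgroups,dc=ad,dc=local",
}
MAX_ID_PATH_LEN = 64  # Note #1: longer ID Paths cannot be pushed


def expected_dn(id_path, target="AD"):
    """Return the DN the pushed group should have, or raise ValueError."""
    if target not in BASE_DN:
        raise ValueError(f"unknown target system: {target!r}")
    if len(id_path) > MAX_ID_PATH_LEN:
        raise ValueError(f"ID Path is {len(id_path)} characters (limit {MAX_ID_PATH_LEN})")
    # Note #2: the ID Path is converted to lowercase before synchronizing
    return f"cn={id_path.lower()},{BASE_DN[target]}"


def preflight(id_paths, target="AD"):
    """Check a batch of ID Paths; returns (dn_by_path, problems)."""
    dn_by_path, problems, first_seen = {}, [], {}
    for path in id_paths:
        try:
            dn = expected_dn(path, target)
        except ValueError as exc:
            problems.append((path, str(exc)))
            continue
        dn_by_path[path] = dn
        # Two different ID Paths that lowercase to the same DN need review
        other = first_seen.setdefault(dn, path)
        if other != path:
            problems.append((path, f"same AD name as {other!r} after lowercasing"))
    return dn_by_path, problems


if __name__ == "__main__":
    # Constructed sample input: the page's two example paths plus a 65-character path
    sample = [
        "uc:personal:Blair:TEST-GROUP",
        "uc:personal:blair:test-group",
        "uc:org:" + "x" * 58,
    ]
    dns, problems = preflight(sample)
    for path, dn in dns.items():
        print(f"{path} -> {dn}")
    for path, why in problems:
        print(f"CHECK {path}: {why}")
```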