>>>In your case, when you authenticate a user by AD (using domain, username, and password), how would you assign a user to this or that user group?
>
>Using ldp.exe (Microsoft optional LDAP testing app for Windows) against a giant AD forest, mygroup\myusername or myusername@mygroup seemed to work. It's possible that ldp.exe reassembles it into dn components, e.g. ou= so you could experiment - and ldp.exe has a console section that shows you the commands it's sending.
>
>You can get ldp.exe on your own PC fairly easily, as it's a Windows component. Easiest to search online for latest instructions to add it.
Thank you, John.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham