MFT LDAP Groups Question

If I have 2 AD Security Group, where I have Users assigned (some users are in Both Groups)

Some users in seperate groups

If I grant Access to a different Home Dir and Assign permission to different folder structure

does MFT application affectively only allow the users to view the more restrictive folder

Also does the MFT apply least restriction to those users in both groups


I have a group that I make the Home Dir %DOMAIN-HOME% and Directory Access %DOMAIN_HOME% with RWADN-L---I

the 2nd Group Home Dir %DOMAIN-HOME%\Subfolder and Directory Access %DOMAIN_HOME%\Subfolder with RW-DN-L---I

Just wondering how MFT applies its rules for Home DIR and rights


  • FYI Found my Own Answer

    If you have a user with access to different directory structures under the same root then the user gets the Lower level applied to their connection

    So if the user has the following applied by 2 groups option 2 is presented to the user (note user can not browse up if "lock user in homeDirectory" is applied)

    1 Home Dir %DOMAIN-HOME%

    2 Home Dir %DOMAIN-HOME%\Subfolder

    Regarding File permissions

    If a user is a member of 2 groups where different file restrictions are applied, then the most restrictive setting appears to apply

    Hope this helps others when considering DIR and File restrictions