Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Multi Domain Permitted Groups Option

This article relates to LoadMaster firmware version 7.2.52.

In LoadMaster firmware version 7.2.52, a new check box was added to the ESP Options section of the Virtual Service modify screen called Multi Domain Permitted Groups. This check box is configurable with the following client authentication modes:

  • Basic Authentication
  • Form Based
  • Client Certificate
  • NTLM

When Multi Domain Permitted Groups is enabled, the LoadMaster checks for permitted group membership within all sub-domains under the top-level domain.

The Multi Domain Permitted Groups option works with the Permitted Groups, Permitted Group SID(s), and Include Nested Groups.

If Multi Domain Permitted Groups is disabled, users must be in the same domain or sub-domain that the user profile is defined, or the group check fails.

The Multi Domain Permitted Groups option is disabled by default.

The Include Nested Groups option works with Multi Domain Permitted Groups. For example, if you have group1 in server1 and group2 inside group1 in the same server with different users, those users can be authenticated if both Include Nested Groups and Multi Domain Permitted Groups are enabled.

For further information on the Edge Security Pack (ESP) in general, refer to the Long Term Support (LTS) ESP Feature Description.

Application Programming Interface (API) Details

You can enable or disable the multidomainpermittedgroups parameter by running the RESTful API modvs command, for example:


Valid values are:

  • 0 - Disabled
  • 1 - Enabled

For further details on the RESTful API in general, refer to the Long Term Support (LTS) RESTful API Interface Description document.

For PowerShell help, run the Get-Help command for the relevant commands.