This topic describes how to select Forefront UAG DirectAccess servers that receive Forefront UAG DirectAccess server Group Policy. When Group Policy is generated from the Forefront UAG DirectAccess Configuration Wizard, the UAG DirectAccess: Gateways GPO must be applied on all the Forefront UAG DirectAccess servers. For this to happen you need to specify the names of Organizational Units (OU) or select the server names list that contain the names of the Forefront UAG DirectAccess servers.

When selecting the server names list, the UAG DirectAccess: Gateways GPO is linked to the root of the domain, and the security filtering is the Forefront UAG DirectAccess array computer accounts. In some organizations, company policy does not permit the linking of GPOs to the root of the domain. When you select an OU containing the Forefront UAG DirectAccess array computer accounts, the UAG DirectAccess: Gateways GPO is linked to the OU and not to the root of the domain, and there is no security filtering.

To assign server groups

  1. Under Step 2, under Optional Settings, click Server Groups. The Server Groups page appears.

  2. If your Forefront UAG DirectAccess servers are members of OUs:

    1. Click Organizational units (OU), and then click Add.

    2. In the Select Organizational Units dialog box, from the list of OUs, select the OU that contain the Forefront UAG DirectAccess servers, and then click Add.

      Note:
      The OUs selected must contain all the Forefront UAG DirectAccess servers that should receive the Forefront UAG DirectAccess server Group Policy, and must not contain any other computers.
    3. When you have finished adding all the required OUs, click Close, and then click Finish. The main Forefront UAG DirectAccess Configuration page appears.

    Note:
    Click Remove to remove the currently selected OU from the list.
  3. To select Server names:

    1. Click Server names.

      Note:
      All of the computers in the Forefront UAG DirectAccess array are added automatically in the security group mode.
    2. Ensure that all the Forefront UAG DirectAccess servers appear in the list, and then click Finish. The main Forefront UAG DirectAccess Configuration page appears.

    Note:
    When using server names, when you add another Forefront UAG DirectAccess server to the array, the new Forefront UAG DirectAccess server is automatically added to the server names list, however you must Generate Policies again so the UAG DirectAccess: Gateways GPO is applied on the new array member.