When integrating LDAP for Citrix ADC system administration using AD groups, what binding is used to specify the permission level and complete the LDAP configuration?

• A. A nested group to the new group.
• B. A command policy to the group.
• C. Users to the group on the Citrix ADC
• D. An authentication, authorization, and auditing (AAA) action to the group.

Answer: (B)

The essential idea is that once an AD group is used to grant admin access on the Citrix ADC, you must specify what that group is allowed to do. This is done by binding a command policy to the group. A command policy defines exactly which CLI commands the members of that group can execute, effectively setting their permission level. Binding this policy to the ADC group completes the LDAP setup by turning the LDAP identity (the AD group) into a restricted admin role with defined capabilities. Without a command policy, the group membership alone doesn’t enforce what actions are permitted. The other concepts—nesting groups, assigning users directly, or using an AAA action—don’t by themselves define and enforce the specific CLI permissions for LDAP-admin users in the Citrix ADC context.