...
The main development was the provisioning of groups from Grouper into our Active Directory. Up until the start of 2012, we only provisioned a select number of groups into the AD on a case by case basis. In April 2012 the decision was made to provision all groups that reside in our Application stem within Grouper into the AD. There were a number of reasons for doing this, first of all to improve the resilience of Shibboleth querying group memberships from Grouper (previously Shibboleth queried the Grouper database directly). The second reason was to extend the use of groups past controlling just web resources, so now a group could be set-up which controls access to a wiki, blog, filestore and so on.
We now provisioned provisione over 6000 groups into the AD, made up of over 150,000 memberships and these numbers are continually increasing as new use cases are identified.
...