I would like to know if there is a way to use Active Directory for Physical Access Control?
Example: All users will have an RFID card or a fingerprint entry registered on the domain (linked to the user name), and I would like to secure the buildings (door lock, airlock) using this and controlled by Active Directory (e.g. authorizing a group to use some doors, disabling the user will make the RFID/fingerprint ineffective, access logging).
Is this possible? Thank you.
Yes, it's possible. It's often a smart card, which means PKI, which can be integrated with AD. Find a vendor or vendors, and ask them what it would take to integrate with your existing AD.
The only hard part is interfacing to the hardware. That interface needs to be able to query AD and act on the results. From the AD side of things it's no different to having any other network device, such as a PC, query it.
This is a pretty specialised area, so you will need to spend some time tracking down companies that can supply the required hardware and software. Try to deal with local companies only if possible, as you really want someone who can come out on site, because you're unlikely to get a plug and play solution.
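The decision a door controller has to make after querying AD, written as an added example that is not part of the original thread or any vendor's product. It covers the three things the question asks for: group-based door authorization, disabled accounts losing access, and access logging. The `lookup` callable, the card-to-user mapping, the door and group names, and denying when AD is unreachable are all assumptions made for illustration.

```python
from datetime import datetime, timezone

ACCOUNTDISABLE = 0x2                  # userAccountControl bit set on disabled accounts
NEVER = (0, 0x7FFFFFFFFFFFFFFF)       # accountExpires values meaning "never expires"
FILETIME_OFFSET = 11644473600         # seconds between 1601-01-01 and 1970-01-01
# Hypothetical door policy: door name -> DN of the AD group allowed through it.
DOOR_GROUPS = {
    "server-room": "CN=DoorServerRoom,OU=Groups,DC=example,DC=com",
    "lobby": "CN=DoorLobby,OU=Groups,DC=example,DC=com",
}
# Constructed sample directory keyed by card ID (where the card ID lives in AD is an assumption).
SAMPLE = {
    "04A1": {"sAMAccountName": "alice", "userAccountControl": 512,
             "memberOf": [DOOR_GROUPS["server-room"]]},
    "04B2": {"sAMAccountName": "bob", "userAccountControl": 514,   # 512 | ACCOUNTDISABLE
             "memberOf": [DOOR_GROUPS["server-room"]]},
}

def filetime_to_dt(ft):
    # AD timestamps count 100 ns intervals since 1601-01-01 UTC.
    return datetime.fromtimestamp(ft / 10_000_000 - FILETIME_OFFSET, tz=timezone.utc)

def decide(card_id, door, lookup, now, log):
    """Return True to unlock. lookup(card_id) returns the user's AD attributes as a
    dict, None if no user holds the card, or raises if AD cannot be reached."""
    def finish(allowed, reason, user="-"):
        log.append({"time": now.isoformat(), "door": door, "card": card_id,
                    "user": user, "allowed": allowed, "reason": reason})
        return allowed
    required = DOOR_GROUPS.get(door)
    if required is None:
        return finish(False, "unknown door")
    try:
        entry = lookup(card_id)
    except Exception:
        return finish(False, "directory unavailable")  # design choice here: deny on outage
    if entry is None:
        return finish(False, "unknown card")
    user = entry["sAMAccountName"]
    if int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        return finish(False, "account disabled", user)
    expires = int(entry.get("accountExpires", 0))
    if expires not in NEVER and filetime_to_dt(expires) <= now:
        return finish(False, "account expired", user)
    # memberOf holds direct memberships only; nested groups are not resolved here.
    if required.lower() not in {g.lower() for g in entry.get("memberOf", [])}:
        return finish(False, "not in door group", user)
    return finish(True, "ok", user)
```

Every decision, allowed or denied, is appended to `log` with its reason, so the access record does not depend on the door actually opening.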
You can also use an access management system that offers integration with Active Directory, either directly or via third-party software. By defining an access template in the access management system and linking that to a user-defined role in AD, you can do exactly what you want without the extra cost of a smart card.
There is a way. If anyone is interested, there is a company called Viscount that uses a new switching technology that allows RFID door cards to talk directly to AD. AD becomes the whole system. See the webinar link below:
http://secprodonline.com/webcasts/2011/01/using-ip-card-reader-bridges-to-run-physical-access-control-as-an-active-directory-application.aspx?admgarea=Webinars&tc=page0
With EdgeConnector you can easily control the physical access rights of a user from within your Windows Active Directory environment, just as you already control their logical access rights.
http://www.edge-connector.com/