Michael_Jenkins
Dec 08, 2015Cirrostratus
AD Query not getting all nested group
I'm experiencing an issue that I've seen creep up before, but haven't been able to figure out. In my VPE, I'm doing
AD Auth
and then and standard AD Query
with the FetchNested Groups option checked. The problem is that for most of my groups everything works perfectly fine. In this one particular case, however, the APM query is not getting back the nested group membership (i.e. The user is a member of the group A, which is a member of group B that gives them permissions to resources). If I put the user directly into group B then it sees the group membership fine. But if they're in group A, it never grabs it (even though it grabs every other group membership).
I have created a new group that is exactly the same as the one having the issue (as best as you can in AD), and it has no problem. But this original group is already used elsewhere so I can't just switch groups completely.
Anybody have any ideas?