How to include nested AD groups in campaign

sup3rmark · August 19, 2024, 7:33pm

As a demonstration, I set up two groups in my dev Active Directory domain:

flatGroup - this is a group that contains only two users: Luke Skywalker and Leia Organa
mixedGroup - this group contains two users: Yoda and Obi-Wan Kenobi; as well as one nested group, flatGroup

I create a certification campaign targeting mixedGroup specifically. As you can see, there is no reference anywhere in this campaign to the child entitlement, flatGroup.

Here, we can see mixedGroup’s direct membership, as well as its recursive membership, as pulled via Powershell:

I’m not sure how @princess included the child entitlement alongside the identities in her campaign, but my guess is that it was done through a non-standard configuration on the Active Directory source?

Topic		Replies	Views
Nested AD groups - Best Practices ISC Discussion and Questions identity-security-cloud	11	2721	March 19, 2024
Question: Certification Campaign entitlement across multiple sources ISC Discussion and Questions identity-security-cloud , entitlements	5	283	July 1, 2024
Active Directory Connector, Effective Access and Nested Groups IIQ Discussion and Questions entitlements	1	1077	July 19, 2023
Active Directory Source LDAP Filter ISC Discussion and Questions identity-security-cloud	2	422	January 30, 2024
Converting AD role group to a role in ISC ISC Discussion and Questions apis , identity-security-cloud , roles , powershell-sdk	6	50	October 7, 2024

How to include nested AD groups in campaign

Related topics