Does PAM support nested Global and Universal AD groups
Article ID: 105635
CA Privileged Access Manager - Cloakware Password Authority (PA)PAM SAFENET LUNA HSMCA Privileged Access Manager (PAM)CA Privileged Access Manager (PAM)
In PAM is it possible to use nested Active Directory groups consisting of Global and Universal groups?
Release: Component: CAPAMX
Note: Universal groups cannot be members of Global groups. But vice versa it is possible.
To confirm PAM is working correctly create - an Universal group "group3" with member "user3" - two Global groups "group2" with member "user2" and "group1" with member "user1" - cascade group3 with member group2, and group2 with member group1 - in CA PAM LDAP Import select group3 only - finally I find all three users being discovered and imported to PAM