Nested Active Directory Groups


Article ID: 198491


Updated On: 07-10-2025

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web, Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

When using an Active Directory group to map to a DLP user group, does DLP import users from nested groups? If so, how many levels down will it import the users?


Resolution

Yes. We look into nested groups.

When indexing AD we get as much information as we can get via LDAP queries.

The main limitation can be caused by LDAP: if too many entries are retrieved, there should be a severe error in the logs during indexing. The results may also depend on whether the "include aliases" flag is set for AD.

If you have users from multiple domains within a nested group, then it's a good idea to point to a Global Catalog (GC) that knows about all domains. Also try changing the port to 3268 or 3269 (secure) and see if this helps.
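The following added example (not DLP's own code) models nested-group expansion over constructed directory data, to show why a server that holds only one domain returns fewer users than one that knows about all domains. The entry layout, DNs and the `expand_group` function are assumptions made for illustration.

```python
# Added illustration: nested-group expansion over constructed directory data.
# Entry layout, DNs and function names are assumptions, not DLP internals.

def expand_group(view, group_dn):
    """Return (users, unresolved) reachable from group_dn within one directory view.

    view maps DN -> {"type": "user"|"group", "member": [DNs]}.
    unresolved lists member DNs the view holds no entry for.
    """
    users, unresolved, seen = set(), set(), set()
    stack = [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:          # groups can nest in a loop; visit each DN once
            continue
        seen.add(dn)
        entry = view.get(dn)
        if entry is None:       # DN belongs to a domain this server does not hold
            unresolved.add(dn)
        elif entry["type"] == "user":
            users.add(dn)
        else:                   # a group: descend into its members
            stack.extend(entry["member"])
    return users, unresolved

# Constructed sample: two domains, groups modelled as universal groups.
CORP = {
    "CN=DLP-Users,DC=corp,DC=example": {"type": "group", "member": [
        "CN=alice,DC=corp,DC=example",
        "CN=Sales,DC=corp,DC=example",
        "CN=EU-Staff,DC=eu,DC=example"]},
    "CN=Sales,DC=corp,DC=example": {"type": "group", "member": [
        "CN=bob,DC=corp,DC=example",
        "CN=DLP-Users,DC=corp,DC=example"]},   # circular nesting
    "CN=alice,DC=corp,DC=example": {"type": "user", "member": []},
    "CN=bob,DC=corp,DC=example": {"type": "user", "member": []},
}
EU = {
    "CN=EU-Staff,DC=eu,DC=example": {"type": "group", "member": [
        "CN=carol,DC=eu,DC=example"]},
    "CN=carol,DC=eu,DC=example": {"type": "user", "member": []},
}
DC_VIEW = CORP                 # a domain controller for corp only
GC_VIEW = {**CORP, **EU}       # a server that knows about both domains

if __name__ == "__main__":
    root = "CN=DLP-Users,DC=corp,DC=example"
    for name, view in (("DC", DC_VIEW), ("GC", GC_VIEW)):
        users, missing = expand_group(view, root)
        print(name, len(users), "users; unresolved:", sorted(missing))
```

A non-empty unresolved set is the sign that the nested group contains members from a domain the queried server does not cover.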