I have a situation where I just want to check a user's group membership
in AD and based on if they are a member of a specific group, perform an
So I check the user's group membership (memberOf) in AD. This works
fine for directly assigned groups, but there may be nested groups within
the group. Querying memberOf in AD doesn't seem to return the group
membership for a user when it is obtained through nesting.

Is there any quick and dirty way to check this? I'm afraid the only way
would be to read the members list off the group in AD, figure out which
members are groups, then do a query to see if the user is a member of
one of the nested groups. And obviously, this could go several layers
deep. I was hoping there was some way to check this that is easier that
I'm missing. Is there?



matt's Profile: https://forums.netiq.com/member.php?userid=183
View this thread: https://forums.netiq.com/showthread.php?t=47444