|Applies To||RSA Product Type: SecurID Access|
|Issue||When attempting to synchronize nested Active Directory Identity Source group members by specifying a User Search Filter that defines the parent group the nested users are not synchronized.|
For example, say the search filter is:
and ParentGroup contains a nested group. The users in the nested group will not be synchronized.
|Resolution||Microsoft-specific filter syntax can be used to synchronize the members of ParentGroup and any nested group members. Precede the =CN=ParentGroup with the Microsoft LDAP-specific syntax :1.2.840.1135188.8.131.521: as shown in below user search filter example:|
|Notes||Reference Active Directory: LDAP Syntax Filters.|