000035785 - How to Synchronize Nested AD Group Users from an RSA SecurID Access Identity Source

Document created by RSA Customer Support Employee on Nov 29, 2017
Version 1

Article Content

Article Number: 000035785
Applies To: RSA Product Type: SecurID Access
Issue: When attempting to synchronize nested Active Directory Identity Source group members by specifying a User Search Filter that defines the parent group, the nested users are not synchronized.
For example, say the search filter is:


and ParentGroup contains a nested group.  The users in the nested group will not be synchronized.
Resolution: Microsoft-specific filter syntax can be used to synchronize the members of ParentGroup and any nested group members. Precede the =CN=ParentGroup with the Microsoft LDAP-specific syntax :1.2.840.113556.1.4.1941: as shown in the user search filter example below:


Notes: Reference Active Directory: LDAP Syntax Filters.
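
The difference between the two filter forms described in the Issue and Resolution above can be modelled offline. This is an added example, not part of the original article or RSA's code; it assumes the filter matches on the memberOf attribute, and all DNs, users and group memberships are constructed for illustration.

```python
# Added example: constructed data; DNs and the memberOf attribute are assumptions.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID quoted in the article

PARENT = "CN=ParentGroup,OU=Groups,DC=example,DC=com"   # hypothetical DN
CHILD = "CN=ChildGroup,OU=Groups,DC=example,DC=com"     # hypothetical nested group
ALICE = "CN=alice,OU=Users,DC=example,DC=com"
BOB = "CN=bob,OU=Users,DC=example,DC=com"
CAROL = "CN=carol,OU=Users,DC=example,DC=com"

# Direct memberships only, as stored in each entry's memberOf attribute.
MEMBER_OF = {ALICE: [PARENT], BOB: [CHILD], CAROL: [], CHILD: [PARENT]}
USERS = [ALICE, BOB, CAROL]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters before embedding a value in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_of_filter(group_dn, nested=False):
    """Build the user search filter clause, with or without the in-chain rule."""
    rule = ":%s:" % IN_CHAIN if nested else ""
    return "(memberOf%s=%s)" % (rule, escape_filter_value(group_dn))


def is_member(entry_dn, group_dn, nested):
    """Model the match: direct memberOf only, or a walk up the membership chain."""
    seen, pending = set(), list(MEMBER_OF.get(entry_dn, []))
    while pending:
        group = pending.pop()
        if group == group_dn:
            return True
        if nested and group not in seen:   # seen guards against circular nesting
            seen.add(group)
            pending.extend(MEMBER_OF.get(group, []))
    return False


def synced_users(group_dn, nested):
    """Users a synchronization with this filter would return."""
    return [u for u in USERS if is_member(u, group_dn, nested)]


if __name__ == "__main__":
    for nested in (False, True):
        print(member_of_filter(PARENT, nested), "->", synced_users(PARENT, nested))
```

The escaping step matters when a group name contains parentheses, an asterisk or a backslash, since an unescaped value changes the meaning of the filter.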