How to Synchronize Nested AD Group Users from an RSA SecurID Access Identity Source
Originally Published: 2017-11-27
Article Number
Applies To
Issue
For example, say the search filter is:
(&(objectCategory=Person)(sAMAccountName=*)(objectClass=user)(mail=*)(memberOf=CN=ParentGroup,CN=Users,DC=example,DC=com))
and ParentGroup contains a nested group. The users in the nested group will not be synchronized.
Resolution
(&(objectCategory=Person)(sAMAccountName=*)(objectClass=user)(mail=*)(memberOf:1.2.840.113556.1.4.1941:=CN=ParentGroup,CN=Users,DC=example,DC=com))
Notes
Related Articles
The Active Directory Account Collector does not collect the AD Domain Users Group in RSA Identity Governance & Lifecycle Number of Views Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group… Number of Views How to selectively challenge users and applications with RSA AD FS agent 1.x Number of Views A change request to remove role access from a user tries to remove AD group (indirect access from role) which no longer ex… Number of Views Incomplete Collection of AD Groups in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third …
Don't see what you're looking for?
