Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1145
Views
0
Helpful
1
Replies

ISE with AD nested groups and their depth

Go to solution
engahmedsaied
Level 1
Level 1

ā€Ž06-01-2022 09:46 AM

I see from other questions that ISE support AD nested groups 

can you share an official document contain that info also what about depth? How many levels it is supported?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

ā€Ž06-01-2022 11:30 PM

As per the Active Directory Integration with Cisco ISE 2.x  document:

"Policy rule conditions may reference any of the following: a userā€™s or computerā€™s primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."

I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

ā€Ž06-01-2022 11:30 PM

As per the Active Directory Integration with Cisco ISE 2.x  document:

"Policy rule conditions may reference any of the following: a userā€™s or computerā€™s primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."

I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability 

0 Helpful
Customers Also Viewed These Support Documents