ā06-01-2022 09:46 AM
I see from other questions that ISE support AD nested groups
can you share an official document contain that info also what about depth? How many levels it is supported?
Solved! Go to Solution.
ā06-01-2022 11:30 PM
As per the Active Directory Integration with Cisco ISE 2.x document:
"Policy rule conditions may reference any of the following: a userās or computerās primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."
I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability
ā06-01-2022 11:30 PM
As per the Active Directory Integration with Cisco ISE 2.x document:
"Policy rule conditions may reference any of the following: a userās or computerās primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."
I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide