Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1670
Views
0
Helpful
1
Replies

ISE with AD nested groups and their depth

Go to solution
engahmedsaied
Level 1
Level 1

‎06-01-2022 09:46 AM

I see from other questions that ISE support AD nested groups 

can you share an official document contain that info also what about depth? How many levels it is supported?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎06-01-2022 11:30 PM

As per the Active Directory Integration with Cisco ISE 2.x  document:

"Policy rule conditions may reference any of the following: a user’s or computer’s primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."

I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎06-01-2022 11:30 PM

As per the Active Directory Integration with Cisco ISE 2.x  document:

"Policy rule conditions may reference any of the following: a user’s or computer’s primary group, the groups of which a user or computer is a direct member, or indirect (nested) groups."

I'm not aware of any documented testing/validation of the limits of nested group depth, but this would likely be guided by the Microsoft-imposed limits and best-practices based on the software version.
Example... Active Directory Maximum Limits - Scalability 

0 Helpful
Customers Also Viewed These Support Documents
Top