AD: Inherited group membership issue

7/26/2017 11:28:06 AM
ASPRunner.NET General questions
Pete K author

If I set up a generated app to allow access to members of a specific AD group, everything works as expected. However, if the user is only a member of a group which is in turn a member of the authorized group, my app does not recognize the user as being authorized. Is this the expected behavior? I would have assumed that nested memberships would work, as they work in other applications.

jadach DevClub member 7/26/2017

Interesting. We got rid of nested groups a few years ago, so I have not run into this. I would imagine it should work. If you don't get a response on the forum, I would direct this question to support directly. Could be a bug.

Tim 7/26/2017

Hi Pete,
ASPR does not figure out nested group membership. It's a bit of a problem for me too, as we use nested groups extensively. I ended up running a script that figures out group membership for a user and importing that into the DB. I can then use the new security API to apply securities how I want.
Before the security API I had to make sure users were added directly to whatever AD groups I wanted to use for web app securities.
Let me know if you'd like the script I use to get group membership. I originally found it on some blog somewhere and tweaked it for my needs.
Tim
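An added illustration of the nested-membership gap Tim describes, not Tim's script or any ASPRunner.NET code: it models the AD memberOf attribute as a constructed in-memory map and contrasts the direct-only check with a transitive walk that also copes with cyclic nesting. All names in it are made up.

```python
# Added example (not from the thread): resolve nested AD group membership
# the way an import script would have to, over a constructed directory.
from collections import deque

# Constructed sample: each principal maps to the groups it is a DIRECT
# member of, i.e. what AD returns in the memberOf attribute.
DIRECTORY = {
    "pete":          ["app-oddballs"],
    "alice":         ["finance-staff"],
    "finance-staff": ["app-users"],   # group nested inside the authorized group
    "app-oddballs":  ["app-users"],
    "app-users":     ["all-staff"],
    "all-staff":     ["app-users"],   # deliberate cycle to show it is handled
}


def direct_groups(principal, directory=DIRECTORY):
    """Direct memberships only: this is the check the thread says the app does."""
    return set(directory.get(principal, []))


def effective_groups(principal, directory=DIRECTORY):
    """Transitive closure of memberOf, walked breadth-first with a visited set
    so that cyclic group nesting cannot loop forever."""
    seen = set()
    queue = deque(directory.get(principal, []))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(directory.get(group, []))
    return seen


def is_authorized(principal, allowed_groups, directory=DIRECTORY, nested=True):
    """Authorization decision; nested=False reproduces the direct-only
    behaviour described in the thread, nested=True honours nesting."""
    if nested:
        groups = effective_groups(principal, directory)
    else:
        groups = direct_groups(principal, directory)
    return bool(groups & set(allowed_groups))


if __name__ == "__main__":
    for user in ("pete", "alice"):
        print(user, "direct:", sorted(direct_groups(user)),
              "effective:", sorted(effective_groups(user)))
```

Against a live directory the same walk is driven by the memberOf values of each principal and group; the visited set is what keeps a pair of mutually nested groups from recursing without end.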

Tim 7/26/2017

And, by the way, I did email support a couple of years ago when I first discovered this and they confirmed that ASPR doesn't support reading nested group membership.

Pete K author 7/26/2017

Thanks for the quick replies guys. Tim, your solution sounds interesting, but I think I've worked out something that'll do for now. The reason I was asking is that most of my apps include one or more existing AD group plus a few more selected individuals. For now I'm just going to create one group for the "odd balls" and then set up that group and the other one or two I need in my app, and then just copy the permissions across all the groups. It's a bit more work up front, but it will save me from having to duplicate the work of others in maintaining those standard groups. Some of them have hundreds of members.