Nested AD Groups

4.2 SP3 P6 and AD is already configured and working.

We are re-doing our security model to use AD groups.

We created a top level group that contains several layers of nested subgroups.

All BO Users
	Dept 1 Users
		User A
		User B
		User C
		Dept 1 Analysts
			User B
			User C
	Dept 2 Users
		User D
		Dept 2 Analysts
			User D
	Dept 3 Users
		User E
		User F
		Dept 3 Analysts
			User E
			User F

Added All BO Users as a Mapped AD Member Group in the Windows AD plug-in.

As expected, that group pulled in as did all of the downstream users. But, the groups did not import, so I’m just seeing:

All BO Users
	User A
	User B
	User C
	User D
	User E
	User F

From what I’ve read, BO won’t automatically nest the groups, but it should import the groups themselves. Is there something I’m missing or am I mis-interpreting prior posts on the subject?

Having to manually add all the groups is time consuming but doable, but the bigger problems is that means it won’t automatically pick up future groups that are added into the chain which equals maintenance headache.


dtolley (BOB member since 2006-07-14)

No, unfortunately, BO will not automatically import any groups.


joepeters :us: (BOB member since 2002-08-29)

I’ve observed the same thing that you have only our nested AD groups just went one level deep. It appears that Business Objects will import the members of the sub-groups as if they were members of the parent group.

I have not observed the actual sub-group being imported in our case. It almost as if the Business Objects AD interface ignores the sub-group as a separate configuration item.


JohnBClark :us: (BOB member since 2007-03-27)