KNOWN ISSUE: AD Import only imports the users of the first group, and not from the nested group.

Article:TECH183464  |  Created: 2012-03-09  |  Updated: 2012-08-30  |  Article URL
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


The customer has an AD group with nested groups. The customer was trying to give groups of users access to certain parts of the SMP console. AD Import only imports the users of the first group, and not from the nested group.

The steps they used are pretty simple and straight forward. Just create two groups in active directory. Make one group a member of the other group. Now import the first group. It will only import the users of the first group, and not that nested group.

Steps to duplicate:
1) Create a Active Directory group. Name the group, AD Group A
2) Create another Active Directory group. Name the group AD Group B
3) Make AD Group B a member of AD Group A (this will be classified as a nested group)
4) Add a userid to AD Group B. 5) On the SMP, configure the Role and and Account to import from domain, from AD Group A. Run the rule.
6) It will create the AD Group A, but AD Group B will not be a member. If you add a user to AD Group A, it shows the user as a member of that group.

See also TECH183463


Symantec Management Platform 7.1 SP2


Known Issue


This issue has been reported to the Symantec Development team. A permanent fix will be provided in the next major release, in this case ITMS 7.1 SP2 MP1 and ITMS 7.5.

A pointfix for this issue has been created. It is part of the SMP 7.1 SP2 Rollup version 3. Please request the Rollup files from HOWTO64413 to Support.

Supplemental Materials

Value2705767, 2700045

Article URL

Terms of use for this information are found in Legal Notices