Hi all,
In my environment (SP 2010 and 2013) we try to use AD groups to control permission whereever we can. It works fine since launch applications last year. Until recently we need to add departmental AD groups to control List items we start to have user complains. These AD groups are nested so they can cover all teams in the whole departments (For example, main group is including B and C groups, B and C groups are nested with D and F, etc. All nested groups are security groups). End users are in the base AD groups (D and F) so supposed to have permission to access the List. Yet we notice they can't see the list item at all. If we add the users directly to the main AD group it works.
I know nesting AD groups is bad practice and could cause troubles. Yet I have to live and use whatever is available. Just wondering if anybody know any settings I could check/configure or where to review and confirm nesting is the root cause? I use all default settings so just thought maybe somewhere I can re-configure for this.
Thanks in advance for any help.
Sally