Task
Resolution: Unresolved
Major
There's a report that claims IADsUser::Groups does not find recursive group memberships.
If this is the case, this affects everyone using ActiveDirectoryAuthenticationProvider. MSDN documentation doesn't say it one way or the other. Some local testing is required.
Unfortunately, IADsGroup doesn't seem to have the property that lists other groups that the group belongs to, making it impossible to recursively discover all the groups that the user belongs to.
Another lead is to see how .NET does this. See WindowsPrincipal.IsInRole.
Set up a 2012r2 AD server with 2 users and 4 groups (using 2 of the groups as intermediate).
Verified that, using ADSI, the recursive groups are not found.
Had to switch from ADSI mode to get recursive groups working.
Jenkins 1.625.2, AD plugin 1.41
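
The gap reported above, as an added example that is not code from the issue or from the AD plugin: a direct-only lookup compared with a cycle-safe transitive expansion, on constructed data shaped like the test setup (2 users, 4 groups, 2 of them intermediates). All user, group and function names are hypothetical. It goes one step beyond the thread by also building the search filter for Active Directory's `LDAP_MATCHING_RULE_IN_CHAIN` (OID 1.2.840.113556.1.4.1941), which performs the same expansion server-side over LDAP.

```python
from collections import deque

# Constructed sample data (not from the issue): principal -> groups it is a
# DIRECT member of. Shape follows the comment's setup: 2 users, 4 groups,
# 2 groups used as intermediates. The last entry is a deliberate nesting cycle.
MEMBER_OF = {
    "alice": ["team-a"],
    "bob": ["team-b"],
    "team-a": ["jenkins-admins"],
    "team-b": ["jenkins-users"],
    "jenkins-admins": ["jenkins-users"],
    "jenkins-users": ["team-b"],
}

def direct_groups(principal, member_of=MEMBER_OF):
    """Groups listed on the principal itself (what a direct-only lookup returns)."""
    return set(member_of.get(principal, []))

def effective_groups(principal, member_of=MEMBER_OF):
    """Transitive closure of membership, breadth-first, safe against cycles."""
    seen = set()
    queue = deque(member_of.get(principal, []))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # already expanded; this also breaks nesting cycles
        seen.add(group)
        queue.extend(member_of.get(group, []))
    return seen

def is_authorized(principal, required_group, recursive):
    """Authorization decision under either lookup strategy."""
    groups = effective_groups(principal) if recursive else direct_groups(principal)
    return required_group in groups

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def chain_filter(user_dn):
    """Filter matching every group that contains user_dn, directly or nested."""
    return "(member:1.2.840.113556.1.4.1941:=%s)" % escape_filter_value(user_dn)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        missed = effective_groups(user) - direct_groups(user)
        print(user, "direct-only lookup misses:", sorted(missed))
    print(chain_filter("CN=Alice (Ops),OU=Staff,DC=example,DC=test"))
```

A permission granted to a top-level group is silently withheld from nested members under the direct-only lookup, so the failure mode is lost access rather than an error.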