Trying to get limitations in policies working with Active Directory. We have LDAP connectors and they can resolve users and groups, but cannot list members IN groups. It does work if the user is directly listed in the AD group, but not if they exist in a group within the group. Before I go down the rabbit hole of trying to "hunt and peck" the correct configuration, have folks ever got LDAP groups to work where nested groups are involved. Nested in this context means a Universal Group with one layer of Global Groups are nested in it. The idea is to not have users individually defined in the groups, but one layer of groups.