I am using an ldapsearch as a filter for my events. The sAMAccount name matches the User. It works perfectly for the direct group members but does not unpack members of nested groups in the AD group. Hoping there is a simple step I'm missing. Thanks for any suggestions.
[| ldapsearch domain="mydomain" search="(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=MY Group Name,ou=delegated,ou=groups,dc=amr,dc=corp,dc=mydomain,dc=com))"
| table sAMAccountName
| rename sAMAccountName as User]
...rest of search
The string 1.2.840.1135126.96.36.1991 specifies LDAP_MATCHING_RULE_IN_CHAIN. This applies only to DN attributes. This is an extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. This reveals group nesting. It is available only on domain controllers with Windows Server 2003 SP2 or Windows Server 2008 (or above).