Nested Groups are Directory groups that are also a member of one or more other group.
When synchronizing nested groups, there can be many use cases and individual instances where it is possible to cause an undesirable outcome (i.e. users or groups not synchronizing). For example, there can be circular nested groups, and cases where there may be multiple or ambiguous matching of prefixes.
These scenarios are likely to cause issues with the Netsweeper Directory Sync service.
To ensure that all of your users and groups correctly sync, follow these three easy rules:
- Always create new groups in your directory when integrating with Netsweeper. This new group must have a UNIQUE prefix that has not been used for other or nested elsewhere in other groups (e.g. nsw_school1_staff).
- To the newly created groups, add your original MEMBER. These MEMBERS can be users, groups, etc. (e.g. mygroup1 is now a member of nsw_school1_staff).
- NEVER add the newly created group as a MEMBER OF another group (e.g. “I can use this Netsweeper group as a subgroup for this other solution since I already have the list of users here”).
By following these three rules you will ensure that your groups and users are synchronized appropriately.
Please see our DirSync Rules and Examples documentation for example setups and use cases.