I know this may seem a bit cheeky to ask a Windows-related question on a Domino forum, but I’m going to praise Domino in the process, so hopefully this will stop the post from being “moderated”.
Since Release 5 of Domino, we’ve had the “Manage Groups” tool to help us see a graphical overview of which groups a user is a member of, and all the nested sub-groups they might also be in. I know that many people customise the NAB anyway and put their own views in to deal with this. Just the default tool IBM give us is very useful though, and I often praise it when teaching Domino Admin courses.
Then we come to Active Directory, where we have not just Group Types to worry about (Security and Distribution), but also Group Scopes (Global, Domain Local and Universal). We still have the issue that a user may be a member of groups that are nested inside other groups, indeed Microsoft themselves recommend this with their A-G-U-DL-P strategy. However, when we look at an individual user in AD, we can only see the groups they are a actual member of, and not the nested groups, which makes diagnosis of permissions issues somewhat difficult, and very time-consuming.
Many of you on this forum will be both Domino Admins and Windows Admins, so can anyone suggest a straightforward way of seeing graphically the group nesting structure and user group membership with AD groups? I don’t mind whether it’s a built-in registry setting you have to know about or a bolt-on tool that costs money, any suggestions/hints gratefully received.