Hi,

I'm trying to deploy keycloak in my company as primary SSO solution with AD underneath.

In our company AD groups contain other groups as members.

e.g.:

Let assume that we have Group1, Group1.1. and TestUser.

Group1 has Group1.1 as a member and Group 1.1 contains user TestUser. 

In that configuration after importing AD users to Keycloak, TestUser should have two roles: Group1 has Group1.1. But unfortunately it has only Group1.1.

I'm not an AD expert but I hope I've managed to explain the problem well enough.

This is very important feature for my company and I wonder to know if you are to solve this problem in the nearest feature?

Best Regards,

 Andrzej