Hi, I'm trying to deploy keycloak in my company as primary SSO solution with AD underneath. In our company AD groups contain other groups as members. e.g.: Let assume that we have Group1, Group1.1. and TestUser. Group1 has Group1.1 as a member and Group 1.1 contains user TestUser. In that configuration after importing AD users to Keycloak, TestUser should have two roles: Group1 has Group1.1. But unfortunately it has only Group1.1. I'm not an AD expert but I hope I've managed to explain the problem well enough. This is very important feature for my company and I wonder to know if you are to solve this problem in the nearest feature? Best Regards, Andrzej