So i made a security group (lets call it Group A) and delegated it a bunch of rights in AD such as being able to create accounts etc. I created a second group (Group B) and delegated it different rights using group policies (log on remotely to servers etc).
I want everyone in group B to have the Group B rights, plus all of the Group A rights… so i make Group B a member of Group A.
I add a user account as a member of group b and open ADUC.
User account only has the permissions delegated to Group B. It is unable to create new accounts.
If I just make the user account a member of both group A and Group B – it works fine.
Dont delegated permissions get passed down through group nesting? If not – whats the point of nesting groups?