Jump to content
Welcome to our new Citrix community!
  • 0

Endpoint Management Connector for Exchange ActiveSync nested groups (recursive lookup)

Dennis Parker


Attempting to setup and use Endpoint Management Connector for Exchange ActiveSync (version for the first time and everything seems to be going well except for the local rules and using recursive lookups (nested groups). When clicking Analyze button it says it will do a recursive lookup, but it doesn't find any user accounts from nested groups (Active Directory). 

I have a ticket opened with Citrix, but it is pretty fresh as I opened it this morning, so just asking here as well.


Has this worked in previous versions and is broken now or am I misunderstanding what "recursive" means to Citrix? 

Link to comment

5 answers to this question

Recommended Posts

  • 0

what type of rule is it? expression? i had some issues today using a device id expression to allow allow of my samsung devices and oddly it worked its way out after i re-ordered my rules. just a heads up.. the Endpoint connector for on-prem exchange can have a mind of its own at times.. i've been using it since its inception and yea.. random denied access to active sync users throughout the last few years..  ;)

Link to comment
  • 0

Sorry if I wasn't clear. It's an Active Directory Group Membership Deny rule. If I use a group with direct members, it works as expected. If I use a group with nested groups (to get the same user accounts, but also additional user accounts from another group, it doesn't find any users. Something like this:

Group A = User1, User2

Group B = User3, User4 

Group C = Group A, Group B


Deny rule -> Group A -> User1 and User2 are applied.

Deny rule -> Group B -> User3 and User4 are applied.

Deny rule -> Group C (without rules for Group A and Group B) -> No users found



Link to comment
  • 0
16 minutes ago, Dennis Parker said:

Also, on an unrelated issue, but since I got one response from someone here.....Running the service on a 2016 server and I have a pretty severe memory leak...do you see that as well?




i see about 48% memory usage on my Server 2012 R2 box that hosts the Endpoint Connector.  are you on the latest version too?  i think we only have 2cpus and 4GB of ram for our VM. :) as for your prev question about nested groups. I have not used groups like you have but have seen weird issues with Device ID rules and regular expressions.  Sadly my setup is pretty basic for this; we use device id based rules vs user groups/user ids.   prob not too helpful of an answer ;) 


good luck buddy!!

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...