Endpoint Management Connector for Exchange ActiveSync nested groups (recursive lookup)

[Dennis Parker]

Attempting to setup and use Endpoint Management Connector for Exchange ActiveSync (version 10.1.10.4) for the first time and everything seems to be going well except for the local rules and using recursive lookups (nested groups). When clicking Analyze button it says it will do a recursive lookup, but it doesn't find any user accounts from nested groups (Active Directory). 

I have a ticket opened with Citrix, but it is pretty fresh as I opened it this morning, so just asking here as well.

 

Has this worked in previous versions and is broken now or am I misunderstanding what "recursive" means to Citrix? 

[James Selix]

what type of rule is it? expression? i had some issues today using a device id expression to allow allow of my samsung devices and oddly it worked its way out after i re-ordered my rules. just a heads up.. the Endpoint connector for on-prem exchange can have a mind of its own at times.. i've been using it since its inception and yea.. random denied access to active sync users throughout the last few years..  ;)

[Dennis Parker]

Sorry if I wasn't clear. It's an Active Directory Group Membership Deny rule. If I use a group with direct members, it works as expected. If I use a group with nested groups (to get the same user accounts, but also additional user accounts from another group, it doesn't find any users. Something like this:

Group A = User1, User2

Group B = User3, User4 

Group C = Group A, Group B

 

Deny rule -> Group A -> User1 and User2 are applied.

Deny rule -> Group B -> User3 and User4 are applied.

Deny rule -> Group C (without rules for Group A and Group B) -> No users found

 

 

[Dennis Parker]

Also, on an unrelated issue, but since I got one response from someone here.....Running the service on a 2016 server and I have a pretty severe memory leak...do you see that as well?

 

[James Selix]

16 minutes ago, Dennis Parker said:

Also, on an unrelated issue, but since I got one response from someone here.....Running the service on a 2016 server and I have a pretty severe memory leak...do you see that as well?

 

 

i see about 48% memory usage on my Server 2012 R2 box that hosts the Endpoint Connector.  are you on the latest version too?  i think we only have 2cpus and 4GB of ram for our VM. :) as for your prev question about nested groups. I have not used groups like you have but have seen weird issues with Device ID rules and regular expressions.  Sadly my setup is pretty basic for this; we use device id based rules vs user groups/user ids.   prob not too helpful of an answer ;) 

 

good luck buddy!!

[Dennis Parker]

Yeah, latest release 10.1.10.4 (I think that is latest release anyway). Appreciate you looking at it.