Is there way to create a claim that will the return the DN of all groups and super-groups a user is a MemberOf?
Currently running Windows 2012 R2 ADFS.
Example:
I have a structure of groups like the following.
GrandparentGroup ParentGroupA (memberOf=GrandparentGroup) ParentGroupB (memberOf=GrandparentGroup) GroupA (memberOf=ParentGroupA) GroupB (memberOf=ParentGroupA) GroupC (memberOf=ParentGroupB) GroupD (memberOf=ParentGroupB) UserA (memberOf=GroupA) UserB (memberOf=GroupA, memberOf=GroupB)
I want to return the full-DNs of GroupA, ParentGroupA, and GrandparentGroup when UserA logs in.
If building a claim is not possible are there other was to handle this scenario with ADFS?