Want to query a nested group membership for a user in AD? I know I did and I spent far too much time trying to find the answer. Here is how:
Use this special user attribute in the Role Member Field:
With this you can use a group that contains other groups and still validate the user. If you want to create a new "FTP Access" group that has "finance" and "marketing" groups nested, the users in that group will show up.
Hope that helps someone.