Using the ASA 5520 to successfully authentication users who are located in an OU below 'Site-B'.
These users are also members of 'Site-B-VPN-ACCESS' group membership.
This works just fine.
Have users in an OU higher in the AD tree (a different location 'Site-A') but who are members of 'Site-B-VPN-ACCESS' group. These users are not able to authenticate.
I'm not the network guy, I'm the AD guy trying to help the network guy.
I'm thinking that the 5520 is looking in the 'SITE-B-VPN-ACCESS' group and after finding the user then checks 'Site-B' and below for the user to verify the account. If a valid user can be found below 'Site-B' all is good and if the user is in 'Site-A' then the 5520 isn't finding the user and fails.
If that is the issue, what command/attribute do I use to configure the ASA to check the entire AD for a user?