We found the problem. The 2012 AD uses compressed SID's which OnTap 8.1.2P1 doesn't support. Support was added in 8.1.2P2. A work-around we found on MS website works good, but requires the Windows use to log out and back in.
Rick From: Rhodes, Richard L. Sent: Tuesday, July 21, 2015 1:18 PM To: 'ADSM: Dist Stor Manager' Subject: can't access share with nested AD groups IBM N3220 - 2857-A22 (NetApp FAS2240-2) Data ONTAP Release 8.1.2P1 7-Mode We are in the process of upgrading our AD system from Win 2008 to Win 2012R2. After doing this, some CIFS shares cannot be accessed. We've narrowed it down to AD groups that have nested groups. Folks in the nested groups do not authenticate. If we move someone from a nested group the top group, they are able to access files. Any thought are appreciated! (I'm opening a case with IBM support right after this!) Thanks Rick ----------------------------------------- The information contained in this message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately, and delete the original message.