Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

IronPort LDAP group query - How do I recursive?

The default LDAP group query "(&(memberOf={g})(proxyAddresses=smtp:{a}))" does not perform a recursive group search. It will not find members of groups within groups.

I tried using this query, which functions correctly in active directory, but returns no matches in the IronPort appliance, "(&(memberOf:1.2.840.113556.1.4.1941:={g})(proxyAddresses=smtp:{a}))".

Is there a better way to do this? One that works?

New Member

Hi all, Me too.. I have the

Hi all,


Me too.. I have the same problem with vESA 8.5.5-280.

Something to suggest?

Cisco Employee

Hi,This could not be working


This could not be working based on many factors. The default settings may require manual tweaking.

Please look at the "distinguished name" of the LDAP group objects.

you may have to get the distinguished names of one of the groups and modify the original query to include the distinguished name like in the example below.

Query: (&(memberof=CN={g},OU=Distribution Groups,OU=ExchangeObjects,OU=Corp,DC=swc,DC=local)(proxyAddresses=smtp:{a}))


Also I think your best bet would be to call Cisco Tac and open a case for support. I hope this helps!
US Toll Free Customer Support +1 800 553 2447 Option #1