Need to setup a quarterly Group Membership Attestation for select ADS groups. Many of these groups have nested groups that are members. I would think that the owner of the Parent group would attest to the members/groups that are assigned and the owners of the nested groups would attest to its members. Would you be able to create one Attestation Policy that would spawn an Attestation for all the members (even the ones that got the assignment through a nested group) and then in the approval workflow direct the approval to the group owner?
I see the built-in policy "System entitlement memberships attestation" uses an attestation procedure of the same name which calls the script "VI_NestedUNSGroupList". Well I setup nested groups and defined the master group through the portal and then launched the attestation. The attestation only included the 1 person who was a member of the master(parent) group. No members of the nested groups were included.
Thoughts/Ideas/Questions?