ALL Users/Groups are in DOMAIN1
Octopus Server is in DOMAIN2 (Domain2 has no users/groups except those to administer the domain)
Service Account Running Octopus Server is in DOMAIN1
DOMAIN2 is a trust relationship with DOMAIN1
Octopus permissions work fine if we add users individually OR supply a group with users directly in it.
Octopus permissions are now failing if we add a group with a nested group with users in it.
Full disclosure during this octopus upgrade we did switch our server to the DOMAIN2 to comply with corporate mandate of where new servers are built.
Executed Powershell as Service account running Octopus Deploy on both servers (same account just ran it from both servers).
.GetAuthorizationGroups() - found both Parent and Child Group in question on Both Servers
.GetGroups() - found only the nested group test user is directly apart of (not the parent group test user is not part of directly) - on Both Servers
So powershell executed identically on both servers.
Could there be something odd about nested groups when in a trusted domain?