I have created several groups in Active Directory for the purpose of granting read-wrote access to specific vlans so that some operations folks can manage their own address space. Recently I noticed that with one person at least, maybe more I don't know for sure, he can see one of the vlans he has access to, but not the other. I double checked and he is definitely in the right group for both vlans--it is two separate groups in this case.
Am I missing something obvious here?
Turns out the answer is basically a RTFM issue.
I didn't realize users can only belong to one group. That could get tricky in larger organizations with lots of delegation.