AD users in Windows Server, embedded groups

This is kind of a continuation of this thread - thanks to the examples there, I managed to get a simple AD-login working on my webapp hosted on a local IIS. The code just checks if the user is a member of a specific AD-group, and if they are, the webapp proper is opened.

However, I wasn’t able to get the group-check working on nested groups, the users have to be direct members of the group. It’d be better if I could use nested groups. I do know LDAP queries have the possibility of finding all members of a group, including those in nested groups, but I couldn’t figure out how to add it to the query in Xojo.

In Powershell it’d be

Get-ADUser -LDAPFilter “(memberOf:1.2.840.113556.1.4.1941:=CN=myGroup,OU=myContainer,DC=domain,DC=com)”

But I couldn’t figure out how to add the “1.2.840.113556.1.4.1941” to the Xojo query of:

strQuery = “SELECT sAMAccountName FROM 'LDAP://” + LogonServer + "’ WHERE objectCategory = ‘Person’ and memberOf = ‘CN=myGroup,OU=myContainer,DC=domain,DC=com’ "

I tried several ways of including “memberOf:1.2.840.113556.1.4.1941” in there but to no avail, the query always just crashes. Any help would be appreciated.