Nested AD groups in ODM Groups

So I have the magic triangle system working at present.There is a slight issue with Nested AD groups in OD Groups. The problem seems to be that becuase the AD group I am nesting is, for the users of that group, their 3rd AD group - they cannot login. The thing is, as I understand it, all AD users will have DOMAIN\domain users as their primary group, and therefore the group I want to target will always fail to be the Primary GID. From what I've read nested AD groups should not be a problem, but perhaps it is on the Tiger Server side? I'm running Tiger Server 10.4.7. Anyone else have these problems, as I'm not particularly pleased about adding each user manually to my OD groups. Cheers