diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index 70868c3..8a33267 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -543,6 +543,9 @@ Function ConvertTo-AnsibleADDistinguishedName { [string] $Server, + [boolean] + $NestedGroupFlatten, + [PSCredential] $Credential, @@ -611,10 +614,17 @@ Function ConvertTo-AnsibleADDistinguishedName { continue } - $adDN = Get-AnsibleADObject @getParams | - Select-Object -ExpandProperty DistinguishedName - if ($adDN) { - $results.Add($adDN) + $object = Get-AnsibleADObject @getParams + if ($object) { + if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") { + $dns = Get-ADGroupMember $object -Recursive | Select-Object -ExpandProperty DistinguishedName + } + else { + $dns = $object | Select-Object -ExpandProperty DistinguishedName + } + foreach ($dn in $dns) { + $results.Add($dn) + } } else { $invalidIdentities.Add($getParams.Identity) @@ -1016,6 +1026,12 @@ Function Invoke-AnsibleADObject { } ) + if ($ModuleNoun -eq "ADGroup") { + $spec.options['flatten'] = @{ + type = 'bool' + } + } + $module = [Ansible.Basic.AnsibleModule]::Create(@(), $spec) $module.Result.distinguished_name = $null $module.Result.object_guid = $null @@ -1337,6 +1353,9 @@ Function Invoke-AnsibleADObject { Context = "$($propInfo.Name).$($actionKvp.Key)" FailureAction = $propValue.lookup_failure_action } + if ($propInfo.Name -eq 'members' -and $module.Params.flatten) { + $convertParams['NestedGroupFlatten'] = $true + } $dns = $actionKvp.Value | ConvertTo-AnsibleADDistinguishedName @adParams @convertParams $compareParams[$actionKvp.Key] = @($dns) } diff --git a/plugins/modules/group.py b/plugins/modules/group.py index df2c704..713e07d 100644 --- a/plugins/modules/group.py +++ b/plugins/modules/group.py 
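Review bot: `Get-ADGroupMember $object -Recursive` in the new flatten branch is called without the `-Server` and `-Credential` values that ConvertTo-AnsibleADDistinguishedName accepts. The expansion may therefore run against the default domain controller under the process identity, not the directory and account used for the lookup just above (assuming `@getParams` carries them, which is outside the hunk). In a multi-domain or delegated-credential run this can fail, or resolve members from a different view of the directory than the one being changed. Pass the same connection settings through a splat, as sketched below. Separately, a group with no members adds nothing to `$results` and is not recorded in `$invalidIdentities`, so it is dropped silently; the function body starts and ends outside the hunk.

```powershell
if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") {
    # Expand against the same DC and identity that resolved $object.
    $memberParams = @{
        Identity = $object.DistinguishedName
        Recursive = $true
    }
    if ($Server) { $memberParams.Server = $Server }
    if ($Credential) { $memberParams.Credential = $Credential }
    $dns = Get-ADGroupMember @memberParams | Select-Object -ExpandProperty DistinguishedName
}
# … unchanged: else branch and foreach over $dns …
```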
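Review bot: The `flatten` option added to `$spec.options` in Invoke-AnsibleADObject declares only `type = 'bool'`, while the documentation added in plugins/modules/group.py states `default: false`. The code still behaves as documented, because an omitted option reads as `$null` and the later `$module.Params.flatten` test treats that as false, but the spec and the docs should agree. I would write `$spec.options['flatten'] = @{ default = $false; type = 'bool' }`, or drop the default from the docs. Argument-spec and documentation validation is likely to report the mismatch as well.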
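Review bot: `NestedGroupFlatten` is set for every action key under `members`, so flattening applies to `remove` and `set` as well as `add`. If the comparison that follows works on the returned DNs (it is outside the hunk), `remove` with a nested group would target that group's leaf members and leave the nested group itself in place, so access granted through the nesting would persist. `set` would likewise treat an existing nested group as an unwanted member. Either limit the flag, for example `if ($propInfo.Name -eq 'members' -and $module.Params.flatten -and $actionKvp.Key -ne 'remove') {`, or add a comment here stating the intended behaviour for each action.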
@@ -86,6 +86,11 @@ - Set this to an empty list to remove all members from a group. type: list elements: raw + flatten: + description: + - For nested groups, group members are added directly (nested groups are "flattened"). + type: bool + default: false sam_account_name: description: - The C(sAMAccountName) value to set for the group.
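Review bot: The description for `flatten` does not say that the expansion is a one-time snapshot. The nested group's members at run time are added directly, and later changes to the nested group are not reflected until the task runs again. For a privileged group that matters, because removing someone from the nested group no longer revokes the access they received through flattening. I would add a line such as `- The nested group is expanded when the task runs; later changes to it are not tracked.` and state whether the option affects `add`, `remove` and `set` alike. New options in a collection normally also carry a `version_added` key, which is missing here.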