So I'm not a network guy but I can poke around the ASDM interface to get an idea of what's going on. I'm trying to do cleanup in AD and as of now we have several AD groups that membership grants access to the VPN, however in the ASDM I can only locate one location where groups are specifically mentioned (Remote Access VPN-->Network (Client) Access-->Dynamic Access Policies.)
I don't see any attribute mappings in use so it appears to be controlled through DAP's but there are only 2 AD groups configured and somehow there are other groups in our AD that allow users to access the VPN. I can't figure out where else they would be coming from...I don't think it's RADIUS either.
ASDM version is 7.1. I've been looking through Cisco docs and on Google but no avail.