Hi,
We have a particular configuration that we want to work.
Our FIM engine hosts a user population split in two parts, each part is represented by a fix value in an attribut. There is a sync rule for each population, which make FIM populate 2 AD domains (in the same forest), one for each population.
This configuration works fine. The problem is in group management. Groups are managed in FIM and injected in the first domain, with member sync of the first domain. There are defined as universal groups, because we need to have domain 2 users in domain 1 groups. Users from the 2 populations are correctly seen as members in FIM, but during export, membership is only propagated for domain 1 users. Looks like fim cannot sync groups in an AD domain with members of another AD domain (same forest), whereas users membership is correct in FIM.
Does anyone already configured something like this ?
BR,
Emmanuel IT