1.- Just users that belong to domains managed by Active Roles can appear as members of an ARS Dynamic Group:
2.- In order for an AD group to show members from external domains, the Group scope must be "Domain Local":
3.- For ARS Dynamic Groups to include members from external domains, option "Enable cross-domain membership" available in the ARS policy named “Built-in Policy - Dynamic Groups” must be enabled:
For instance, add “Custom Search – Include by Query” for members of the local “onisupport.info” domain members with “homephone=Employee” to appear listed:
Now add another “Custom Search – Include by Query” for members of the external “onisp.com” from department “BSMSSSS” to appear listed:
Note: the following message will pop up if a combined query is used at the Active Directory level:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy