Having Identity Manager create groups in AD that are Universal, not Global (like the default behavior is) can be an issue.
In the Subscriber channel under the Creation Rule, create a new rule. I called mine “Create Groups as Universal.”
If class name = group, then set destination attribute value(“groupType”,class name=”Group”,”-2147483640″).
This now creates all groups as universal groups in AD. Just a little tip: if you use parent and child domains and want to have groups created, be universal so that you can add users cross-domain.
Note: This solution was tested in an environment with Netware 6.5 SP5 and IDM 3.0.
<rule> <description>Create Groups as Universal</description> <conditions> <and> <if-class-name mode="nocase" op="equal">Group</if-class-name> </and> </conditions> <actions> <do-set-dest-attr-value class-name="Group" name="groupType"> <arg-value> <token-text xml:space="preserve">-2147483640</token-text> </arg-value> </do-set-dest-attr-value> </actions> </rule>