We are importing users from HR system and creating a new Person record. Once created we assign birthright group membership using business roles. Identity Manager show the user have the groups but when I check in Active directory user and computers the user only have Domain Admin Users.
We have Groups Membership assigned based in the IT Data for Department and those groups are being projected correctly in AD. Looks like the issue is only for Groups Membership for business roles.
This functionality was working perfectly and stop working without major changes in our environment. The only change we recall before we notice the issue was this https://documents.software.dell.com/identity-manager/7.0.1/one-identity-manager-connector-user-guide/setting-up-synchronization-with-the-one-identity-manager-connector/configuring-memberships-provisioning this was applied due Identity manager was removing users from groups.
All the users have the Groups Can be Inherit flag set.
I also created a new business role for testing and for that role worked fine propagating groups membership to AD, but after couple days this new business role stop working like the other business role.
