adclient.group.ignore.blocked.domain.members

You can use this parameter to ignore group members from explicitly blocked domains. This parameter prevents adclient from refreshing the group membership due to blocked or unreachable domains; in this way, other membership changes can still be picked up.

For example: some cross domains are blocked by the firewall and some groups have members of those blocked domains. In this case, the group membership refresh fails and reverts to an old list. To ensure that groups from a blocked domains are ignored, you enable this parameter and explicitly block those domains with the adclient.excluded.domains or adclient.included.domains parameters.

This adclient.group.ignore.blocked.domain.members parameter is for use with cross domains. For cross forest domain members, please use the adclient.one-way.x-forest.trust.force parameter.

The default value for this parameter is false.

adclient.group.ignore.blocked.domain.members: false