Merge Local Group Membership

Use the Merge local group membership policy to determine whether to merge local group membership from the /etc/group file into the zone group membership for groups that have the same name and GID. For example, if the agent retrieves the membership list of kwan, emily, and sam for the group profile with the group name performx1 and GID 92531 from Active Directory and there is also a local group named performx1 with the GID 92531 with users wilson and jae, the merged group would include all five members (kwan, emily, sam, wilson, jae).

This group policy modifies the adclient.local.group.merge setting in the agent configuration file. By default, the parameter associated with this policy is set to false to prevent unexpected results.

Be careful when enabling this policy, because it violates normal NSS behavior and, therefore, may have unexpected side effects. You should analyze your environment carefully, and determine that you can safely merge local and Active Directory group profiles before enabling this policy.