changing AD primary group results in no synch - bug ?

Steven_Bengtson

we use the Active Directory (AD) group "domain users" as the department for everyone. However wanted to change this for a few users, and remove the domain users permission in AD. To do this you need to make another group the primary group (talking about AD here) before removing domain users. I then set this new group via ADSIEDit to be the one that is synched to become the department.What I"ve found is that directory services won't synch in this scenario, it bombs at that user. There seems to be some dependency on that "primary group" setting as you can work around it by setting some other group that isn't being synched into livelink the "primary" group (its only used in POXIX or Mac applications anyway) in AD and then it will work fine, the new group will correctly be set as the department and your account will be a member of that group.A did a search in DS documentation and found no mention of any dependence on the AD setting for primary group.