The Cloud auth connector (BCCA) cannot see all the domains in a forest
It only sees the domains that have a direct trust relationship with the domain that the BCCA user is installed on
Domains with an indirect trust relationship are not found
Users from those other domains are not being returned and populated into the Cloud for policy creation purposes
Problem exists in the Authentication connector version 1.3.2000.442789 or earlier.
The problem has been reported to engineering. The issue will be resolved in the auth connector that ships with Cloud 3.0, if and when Cloud 3.0 ships. If you need this before 3.0 ships, please contact Blue Coat Technical Support and reference this KB article number.
The issue arises when there is an indirect trust relationship between the domain where the auth connector user is installed and the other domains in the AD forest. The auth connector will only see the other domains that have a direct trust relationship to it and to none of the indirect trust domains. This only affects the population of domain users and groups in the portal for policy purposes. It does not affect identification of users in the forest, such as for reporting purposes.