Encryption Management Server assigns Active Directory users to Consumer Groups using Directory Synchronization. Specifically, it uses the memberOf attribute to check whether users are members of specific Active Directory security groups. For example:
However, members of the Active Directory security group are not added to the Encryption Management Server group.
In Encryption Management Server 3.4.2 MP4 and above, the memberOf values from Group Settings are written to the Groups log, but only in debug mode. For example, the entry below shows a memberOf value failing to match because of a leading space:
memberOf=CN=Email Encryption,CN=Users,DC=example,DC=com skipped, exact value doesn't match with memberOf= CN=Email Encryption,CN=Users,DC=example,DC=com
The text in the Value field contains one or more spaces.
One or more spaces in certain positions within the Value field will cause regrouping to fail. This can include leading or trailing spaces and spaces preceding or following a comma. Spaces within the name of the container itself do not cause a problem. For example, all these value strings will cause regrouping to fail:
Remove all spaces from Value fields that use the memberOf Attribute, except for spaces within the container names.
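One way to check Value strings for the problem spaces before entering them in Group Settings, as an added example that is not part of the original article or the product. The function names are hypothetical and the sample values are constructed from the DN in the log entry above.

```python
def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes such as '\\,'."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


def audit_memberof_value(value):
    """Return (problems, cleaned) for one memberOf Value string.

    Assumption: no RDN value ends in an escaped space ('\\ ').
    """
    problems = []
    if value != value.lstrip(" "):
        problems.append("leading space")
    if value != value.rstrip(" "):
        problems.append("trailing space")
    parts = split_rdns(value.strip(" "))
    for i, part in enumerate(parts):
        if i < len(parts) - 1 and part.endswith(" "):
            problems.append("space before comma after %r" % part.strip(" "))
        if i > 0 and part.startswith(" "):
            problems.append("space after comma before %r" % part.strip(" "))
    # Spaces inside a container name ("Email Encryption") are left alone.
    return problems, ",".join(p.strip(" ") for p in parts)


if __name__ == "__main__":
    # Constructed sample values based on the DN in the log entry above.
    good = "CN=Email Encryption,CN=Users,DC=example,DC=com"
    samples = [good, " " + good,
               "CN=Email Encryption, CN=Users,DC=example,DC=com",
               "CN=Email Encryption ,CN=Users,DC=example,DC=com "]
    for s in samples:
        problems, cleaned = audit_memberof_value(s)
        print(repr(s), "->", problems or "OK", "| fixed:", repr(cleaned))
```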