Encryption Management Server matches an unexpected Active Directory user during regrouping of consumers in multiple domains