Unable to remove Groups from Modify Active Directory Account if the group is from another domain but for the same Active Directory forest.

Example1 :

We have three active directory domains (example A, B and C) in one Active Directory forest.

User xyz from domain B can be members of Groups from A/B/C domains.

When we access B.xyz account from Modify User's Endpoint Accounts > Modify Active Directory Accounts. We can see Groups from A/B/C domains in the Groups tab.

When we try to remove groups from domain A or C, the task completes but does not remove groups.

Example 2:

Unable to view/remove Group Members from another domain in the same forest.

When we access any Group under Endpoint > Manage Endpoint Groups > Modify Endpoint Group:

We can add members from another domain for the same forest but

it does not show existing members from other domains, so we cannot remove members from other domains in the same forest.

Identity Manager 14.x

The Active Directory Endpoint is not configured with SSL

Make sure that you have configured the Active Directory Endpoint to be configured using SSL:

Known Issues with Active Directory, Exchange, Skype for Business Server (Lync)