We have Global Security Groups in Microsoft Active Directory (AD). Using Microsoft's "Active Directory Users and Computers" tool we can specify an AD Group (Global Security Group) as the Group Manager of another AD Group, i.e. specify another AD Group into "Managed By" field of another AD Group.
However, assigning an AD Group as Group Manager of an AD Group is not available in IM User Console or Provisioning Manager. Currently only User Account can be assigned in the "Managed By" field as Group Manager.
When we assigned AD Group as Group Manager of another AD Group using Microsoft's "Active Directory Users and Computers" tool and we run Explore then IM User Console shows null as the "Managed By" field. On this page, if we clicked [Browse] button the following error appeared
Error: Failed to fetch the account. This could be due to an unreachable endpoint.
Release : 14.4.x, 14.5.x
This is a known issue that is recorded in Engineering ticket DE574215.
There is no solution as of now as this feature was not included in the design. However, we plan to address this issue in the next release of Identity Manager.