Setup a new Role and Account Microsoft Active Directory (AD) Import rule; however, when this rule runs, it does not bring in the expected AD group. Other rules bring in other groups as expected.

The Application Identity account had access to read the OUs containing target objects, but did not have access to read the attributes of the actual objects within the Organizational Unit (OU)

The customer in this case adjusted the permissions in Active Directory to allow the Application Identity account to read the attributes of the objects in the target OU.