EEM was initially setup to use the BASIC LDAP connection only.
This was updated to use Multiple MicroSoft Actve Directory Domains
When setting this up, you are prompted to provide the domain name. This is looking for just the name (second level domain) without the top level domain (.info, .com, .net, etc). So if your domain is company.net the second level domain is "company" and the top level domain is ".net".
So for this issue, the first entry in EEM was set with just the second level domain, and the second entry was set with both second and top level domain.
In process Automation, when Multi MS AD domains are set in EEM, we need to define a default AD domain. The setting in the oasisconfig.properties file is
In this case, the defaultDomain was set to company.net
To resolve the issues with the users not being able to complete any tasks in CA Process Automation, the following was done:
1. In the EEM User Store, when setting up the Multiple Active Directory Domain, the domain prompt for each was set to only use the second level domain name, ie: company and company2 instead of company.net or company2.net
2. In the oasisconfig.properties file, the defaultDomain was set to company and not company.net as:
3. There was a modification in the group level configuration in EEM to resolve all of the groups in both AD servers. To do this, log into EEM to the Global application as EiamAdmin, select Configure, then User Store, then from the left menu Group Configuration.
For the top section - Global Group Configuration
Set the Group Resolution Level: to Resolve Direct Groups, and change the Group cache size from the default of 1000 to 5000.
The Application Group Configuration should be set as Resolve nested groups.
At this point, you can now log into Process Automation and complete tasks. If you are a member of the default domain (company) then you only need to use your "username" to log in. If you are a member of the other domain (company2) then you must use "domain\username" or in this example "company2\username" to log into Process Automation.
Users of either domain will be able to complete tasks.