Active Directory Account Template attribute (eTADSPolicy.eTADSmemberOf) as managed via Provisioning Manager does not allow you to specify a rule string for setting the list of groups.

The Provisioning Manager GUI and the Identity Manager tasks screens only allows you to pick a set of groups from a search list and there is no dynamic aspect exposed thru.

There is a workaround to use the ldapmodify command line tool through which the specific eTADSPolicy.eTADSMemberOf attribute in the Identity Manager's Provisioning Directory to set a rule string for the value. 

Once done, the Provisioning Server when reading the attribute, will evaluate rule string value, prior to passing the value(s) on to the connector.

Usual implementation maintains a multi-value attribute on the Corporate User that maps to one of the Provisioning User eTCustomFields (also multi-valued) and then uses the appropriate rule string for that custom field as the value for eTADSMemberOf.

The down side and word of caution is: You may lose this setting if the Active Directory Account Template attribute is later modified through one of the user interfaces.