I have a "groups" managed unit that is a ldap query that pulls ~1300 groups across 4 domains. This is a simple wildcard name query based with about 8 different group names being searched for. This works fine and without any issues.
I'd like to have another "users" managed unit that includes the members of those ~1300 groups in the other managed unit. I don't want all members - I want to filter for only users from 2 OU in each of the 4 domains. This should be ~700 users.
The only solution I've found is:
- Build a dynamic managed unit (scheduled task refreshed nightly)
- Loop through all the groups in the groups managed unit
- Loop through the 8 OUs
- Add a custom ldap query for the members of the group
- Use a rule base of the OU i want searched
- Add the managed unit rule
- Loop through the 8 OUs
- Loop through all the groups in the groups managed unit
- This adds about 10,400 rules to the managed unit
This works - but it's extremely slow.
What other options are there to get a managed unit, full of group members based on another managed unit, that can be filtered down by OU/DN?