I have some AD Groups I would like to exclude from a business unit I'm using. I have standard group names across multiple OUs, some should be a part of the business unit, others should not.
The Membership rules specify that all children of the Customers OU should be included. Then I have an Exclude by Query to find all groups with Admin in the group name.
When I create the query it looks like this: (&(objectCategory=group)(cn=*Admin*))
When I click on the Affected Objects button I can see only the groups I want to exclude, I have the Exclude Specified Objects checkbox checked.
However when I apply the membership rule I can still see the groups under the business unit and the people using the web console can still see them.
I did try adding the specific groups to the business unit rather than using the query and that works but would be a lot harder to automate than simply having a working exclude query. Any thoughts on how I can get this working?