What is a one sentence summary of your feature request?
Enable support for creating Smart Groups, dynasties, and distribution lists that span multiple on-prem Active Directory forests.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Currently, Directory Manager allows dynamic group management within a single Active Directory forest, but it lacks support for building domain local security groups, Smart Groups, and dynasties that can include users from multiple on-prem forests. In many enterprises, users and resources are spread across multiple AD forests due to mergers, regional structures, or business unit separations. Without cross-forest Smart Group support, administrators are forced to manage duplicate group logic and memberships separately in each forest, which increases complexity, risks misalignment, and hinders centralized identity governance. Enabling cross-forest Smart Groups would streamline group administration, improve consistency, and support unified access control policies across the enterprise all while retaining the automation and dynamic group logic that make Smart Groups powerful.
How do you currently solve the challenges you have by not having this feature?
We rely on manual processes, scripts, or external synchronization tools to replicate group membership logic across forests. This workaround is time-consuming, error-prone, and does not support real-time updates, resulting in stale group memberships and inconsistent access across systems.