We currently have a target system where many applications are linked to, and we are managing all the groups defined in it through UserCube.
Now, we also want to manage the Local AD groups and in the future, Entra ID-only groups as well.
Can we just create a separate directory for each of them or since they are all groups, should they all be added and managed from a single Directory_Group?
Hi Kamil,
For starters, Identity Manager is not meant to manage groups in target systems even if technically it is possible to do so.
That said, in general, you can create all the groups into the same EntityType Directory_Group.
You can also link several groups from different systems to the same directory group in Identity Manager so they can be updated at the same time if needed.
In this case, the logic will the same as for Identities: when you update a group attribute in Identity Manager it will evaluate the scalar, query, navigation rules and update the different linked groups accordingly.
You can also have as many Directory_Groups as target groups in each system and have a one to one link.
In that case, you might need a specific attribute in Directory_Group to define the target system (LDAP, AD, EntraID, etc)
Important: managing dynamic groups (with ldap filters for example) is not recommended.
Hello Hazem,
Your statments is confusing me 
I thought that this was the purpose of Netwrix Identity Manager.
AD is a target system with groups that you should manage with Identity Manager. Is this incorrect? I thought you should manage the identity lifecycle, which means you can create group identities and manage their entire lifecycle.
For me there are 2 topics: