Symptoms

During the destination users assignation, some of the Group members are excluded though they are member of the AD Group
 

Diagnoses

A look into the identity tables reveal that this was caused by disabled identity member record. This is not supposed to happen as the user still active in AD
 

Resolution

This is due to Slash in between domain OU and it's a known issue in Blackpearl 4.6.8. ADUM will have difficulties to resolve those users in domain OU with slashes.

Resolved by a combined coldfix that targeted this issue.