Symptoms
Searching users to assign permission works just fine. When trying to resolve user identity it fails. The error on the forceidentityrefresh is the following in the HostServer logs:
Error 64007 Provider did not return a result for K2:DOMAINUser_name on GetUser Error 64010 The Identity User:K2:DOMAINUser_name, does not appear to be discoverable or does not exist.
Diagnoses
See resolution
Resolution
When you enable "Resolve Nested Groups" and the Active Directory group has an "@" symbol in its name, then that group will be disabled in the identity cache, and all the users in that group as well. The workaround here is to disable "Resolve Nested Groups". However there is a coldfix available for 4.6.10, Please request the ADUM rollup coldfix to resolve this.