I can do simulations on local users, but not AD users.
Is there any way to do this? It seems like the roles that get applied to AD users are roles that
are set to Any. I think simulations are very useful but in an AD environment it doesn't work.
you are correct: simulation does not query the AD server. This means group-based rules cannot be tracked; this is by design. i will post the KB link once I find it again
It would be nice to use simulation if possible, because 1. it doesn't require the user to login to troubleshoot and 2. I would like to see what roles a user matches. Including a stop rule so the user doesn't apply to more roles underneith that stop rule.