Because of heavy load on our DCs coming from multiple applications doing constant LDAP queries to them, I'm trying to remove all this traffic by replicating our AD in an AD LDS instance.
We do have 6 child domains for which I created application partitions and sync the proper OUs and attributes properly; all this is fine. But now, we do have a lot of overall access management universal groups that are created in the root domain and used for almost everything, and though I also created a partition for the root domain in the same instance of AD LDS, all group memberships are removed with:
Will not synchronize dn-ref to be13d726f61d3e4dbc22e64a8eb8d591. Target does not exist.
I don't seem to find any way of synchronizing universal group memberships in this kind of setup. Is it achievable with AD LDS?
Thank you!
Régis Hambalek