Hey, I don't quite understand the question but here is my guess to what your asking.Under NTLM, Alfresco manages groups internally. So, NTLM pulls your users from AD and you create and manage groups within alfresco. If you have LDAP sync occurring with AD. Alfresco can populate its groups with groups the groups you define in AD. So if you make a group in AD when alfresco synchronizes, the group will be created in Alfresco and look identical to the group in ADIf you user LDAP sync, you get to choose the attributes that Alfresco will identify as a group and the lowest OU or CN in AD to look for groups. so it is possible to to have some groups in AD that alfresco synchronizes with and some it does notI am guessing you want to use AD for Alfresco groups but not populate all of them. there are two options to do this. the first, easiest and best is to place all the groups for alfresco in a single OU and then point the following variable at those groupsldap.synchronisation.groupSearchBase=ou=Alfresco Groups,dc=company,dc=com
another option is to create a unique attribute in alfresco groups you can identify with this varribleldap.synchronisation.groupQuery=(objectclass=groupOfNames)
I would advise against the second option. Let me know if this helps anyAdam
