What "two groups" you have in the same AD OU? Groups of what?
You may create two separate connectors for the same AD OU if you use different name attribute in each of them (to avoide name duplicates in database). Technically possible, but I'm not sure what practical purpose would that serve.
I have two diffrent global groups in the same OU, I want to map every one of them to anther user group in the EEM.
Do I have to use two connectors?
GlobalGroup_A ->> to be mapped togroup A in EEM
GlobalGroup_B ->> to be mapped togroup B in EEM
Yes. Because you can define more precise object filter only at connector level. And you would need that, if you want special object filtering that is not related to OU selection alone.
Cleaner approach would be to separate AD groups with different OU's, though.
As far as I know, the user object need to be in the same OU where the group,
so if I have the Account users that in AccountOU, and I want to use two groups,
I have to use two connectors.
so , the cleaner approach is not so helfull in this case.
mappings are based on what's in the users object itself, so open the user in something like LDAP Browser, and then look at the attributes.
you can use any of them to make a mapping.
for groups, it's a MemberOf attribute that you would use - it does not matter where the group is, only that the user record has an attribute linking to it.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center