I have heard that ISE 2.x can automatically import and/or track AD groups which helps if an AD group is moved, deleted, or created. Is that correct? With the old way, you had to add or remove groups manually if AD groups were deleted, created, or moved to another OU. Groups being moved around in AD always caused problems due to the OU changing so the AD group mapping would be wrong for authentications/authorization.
If this is correct, where is that setting because I can't seem to find it? Is there some kind of schedule to set?