
ISE using Active Directories with one-way trust domains

Maurice Ball
Level 3

I am currently having an issue finding users in a security group. I have three domains, A, B and C, and all three domains have one-way trust between them. ISE is only joined to domains A and B. The users have been migrated from domain A to domain C, the computers are joined to domain B, and domain A security groups are still being used with ISE because of the one-way trust setup between the domains. If you open the user's account and look at the Member Of tab in Active Directory, you will not see the security group listed that they are members of on domain A, but if you go to domain A and look at the members of that security group, you will see that the users are listed under that group. The problem I am having is that when I configure authorization rules referring to the security group on domain A, ISE does not see that user as a member of that group. ISE is only seeing the users as members of domain C's "Domain user" security group. My question is: does ISE only check the user's attributes to determine what security group the user is a member of?

1 Reply

hslai
Cisco Employee

That is correct. Also, ISE AD runtime is not supporting one-way trust.
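A diagnostic for the mismatch described in the question, comparing what the user's own attributes report with what the domain A group's member list reports. This is an added example, not part of the original thread and not Cisco code; the domain, user and group names are placeholders, and it assumes the RSAT ActiveDirectory module and an account that can read both domains.

```powershell
Import-Module ActiveDirectory

# Placeholder values (assumptions): replace with your own.
$UserDomain  = 'c.example'    # domain C, where the migrated account lives
$GroupDomain = 'a.example'    # domain A, where the security group lives
$UserName    = 'jdoe'         # sAMAccountName of a migrated user
$GroupName   = 'ISE-Access'   # domain A group referenced in the ISE authorization rule

# View 1: the user's own attributes, read from the user's domain.
$user  = Get-ADUser  -Identity $UserName  -Server $UserDomain  -Properties memberOf
# View 2: the group's member list, read from the group's domain.
$group = Get-ADGroup -Identity $GroupName -Server $GroupDomain -Properties member

# Is the group's DN present in the user's memberOf attribute?
$inUserMemberOf = $user.memberOf -contains $group.DistinguishedName

# Is the user's DN listed directly in the group's member attribute?
$inGroupMemberDirect = $group.member -contains $user.DistinguishedName

# If the domains are in separate forests, a cross-domain member is stored as a
# foreign security principal whose CN is the user's SID, not as the user's DN.
$fspPattern = "CN=$($user.SID.Value),CN=ForeignSecurityPrincipals,*"
$inGroupMemberAsFsp = [bool]($group.member | Where-Object { $_ -like $fspPattern })

[pscustomobject]@{
    User                   = $user.DistinguishedName
    Group                  = $group.DistinguishedName
    GroupScope             = $group.GroupScope
    InUserMemberOf         = $inUserMemberOf        # the view based on user attributes
    InGroupMemberDirect    = $inGroupMemberDirect
    InGroupMemberAsFsp     = $inGroupMemberAsFsp
    VisibleOnlyFromGroup   = (-not $inUserMemberOf) -and
                             ($inGroupMemberDirect -or $inGroupMemberAsFsp)
}
```

A result with `VisibleOnlyFromGroup` set to `True` reproduces the situation in the question: the membership exists on the domain A group but is absent from the user's attributes.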