Im trying to find out how to manage 15000 students in a IDM-sollution. Alle students are forced to authenticate trough HP Access Controll Server to get wlan-access.
All students are registred with an attribut "employeType" = STUDENT an at the same time all students are member of groups that describe their study/course. The HP ACS check group-membership and put them in the right network policy.

We where thinking to create one group called "No internett". If one class is having an exam, then we put this class into the group "No internett" and the HP ACS give them a policy that block them from internet, but they still have access to printers.
This works!

Now our challange is to searce and select the right class. The students have the class-name defined in "Department". "Department" is in LDAP the same as "OU". So we tried out to searce for all students with the Department equal "DE2A" and it works. Then we use "Multipel select" to add all students in "DE2A" into the group "No internett". This work!

Now the problem! When the exam is finished, then we have to remove the from the group "No internett". I do exactly the same; Searce alle students with "ou EQUAL DE2A" - Multiple select all - Modify users - Group membership - Select group and choose REMOVE(Remember this is in multiple select).
Now iManager remove ALL groups and not only "No internett".

This must be a bug in iManager2.7.2 or...!!!