IHAC who is running Windows 2008 Active Directory. They do not have any static groups as it is almost impossible to maintain the same with more than 140K users.
They have attributes for users which give information on their department, vertical, Hierarchy/Level, and Location. They have Query Based Distribution List Objects(QBDL) in the AD which are basically queries to get list if users based on attributes. The requirement is to have Vertical and Department based policies and exclusions for corresponding users for example only HR can send CVs and offer letters, Location based exclusions for Europe, Location based regulatory policies for USA, Hierarchy/Level based exclusions for top management and so on. They need this for all DLP components including endpoints which is where Synchronized DGM comes in.
We have integrated with AD(windows 200*) but QBDL only show up as individual objects and do not expand or shows users. Is there any other way of doing this without using static AD groups. Adding individual users is not an option due to size of the organization.