The members of a Novel group, are not being updated on the AD side though both the group and the members are in the project, and both are either matched or migrated.
Starting with Migrator for NDS version 4.4 and above, the tool only updates membership to all listed under the "Security Equal to Me" of the NDS Object, anything under the "Membership" tab is not updated. This change was made to reflect actual behavior of Novel Netware.
In order to replicate the behavior of Novel Netware, NDS Migrator will use the "Security Equal to Me" list rather than the "Membership" list. Users, who have been added to the "Security Equals to Me" list of a Novell Group or Organizational Role, are included in corresponding Active Directory groups on the target system.
This is expected behavior of the Migrator for NDS because the "Membership" list and the "Security Equal to Me" list of a Netware group typically are identical. Any changes made to the "Membership" list made using Netware administration tools produces a corresponding change in the "Security Equal to Me" list.
However, the lists can become different if administrators edit the "Security Equal to Me" list rather than the "Membership" list, using Netware administration tools. In this case, Netware will use the "Security Equal to Me" list, rather than the "Membership" list when calculating group membership. Please ensure the the required users are under the "Security Equal to Me" tab on the NDS Group as that is the correct method of assigning the permissions.
There is a tool that will identify the differences between the Group Membership attribute and the "Security Equal To" attribute and also create a LDIF file that can be used to synchronize this attributes (the source being the Group Membership list).
For more information on effective rights in NDS please see Novell TID 10012759