Running ambari-server sync-ldap --all does not appear to create group memberships in Ambari version 2.2.1. This is working in an identical configuration we have running with Ambari version 2.1.1. Did something break? AD domain users can log into Ambari 2.2.1 fine, but no LDAP users belong to the AD security group that is also present in Ambari. Have tried removing all users from the AD OU folder and syncing, then putting them back and resyncing. User and groups come and go as expected, but the group membership linkage from AD is not present in Ambari.