We should have separate application definition by collecting AD accounts and groups which are relevant only to that specific application.
Already we have got specific group OU for each application.
Collecting the accounts and groups in a separate definition will fetch all active directory accounts again, it will be a redundant data.
So I need to collect only the accounts which are member of those relevant groups from the application OU.
How to handle this situation, there is no flag inside active directory except the attribute memberOf. But with memberOf attribute also, account search filter is not returning anything.