that script is still on the communities (which i wrote where we first met ) but it's been replaced by product functionlity. there are blcli commands, and gui functions for rbac user sync. i believe and admin and or user guides detail this.
you create some queries and associate them w/ a role. when the sync runs, it populates the roles and creates the rbac user objects.
I was going to add "a BL script written by a nameless BladeLogic guru" to my original question above. And I think I did find the scripts here, although I have not taken a look at them yet.
As for the new product functionality, reading the documentation and it is unclear if it actually syncs the AD groups with the BL Roles. For example, like for provisioning (and de-provisioning) new users like in the use case above. Just to clarify, you're saying it does. Correct?
At a customer site so I want to be absolutely certain.
Yes – it does exactly why my script does.