To resolve this issue, create new groups in your Managed AD, assign users to the groups, and then sync the users to IAM Identity Center. Using new groups instead of the default "Domain Users" group allows group membership in the IAM Identity Center identity store.