Issue
Newly added Active Directory users do not appear on the firewall unless the User-ID agent configuration is changed and committed.
The new user also does not appear in the output of the following command:
> show user group name "domain\group name"
The issue can occur even several days after the account has been added.
Resolution
The User-ID process needs to be refreshed or reset.
Run the commands below as a workaround.
> debug user-id refresh group-mapping <all | group-mapping-name <group mapping profile>>
If the user is still not listed after running the above command, run the following two additional commands:
> debug user-id reset group-mapping <all | group-mapping-name <group mapping profile>>
> show user group name "domain\group name"
The user is then listed as a group member.
owner: ukhapre