AD: Establish cross-domain memberships after enumeration finishes
Because domain enumeration currently works for each domain separately,
the code has to establish cross-domain memberships after all domains are
enumerated. The code works as follows:
1) check if any *sub*domains were enumerated. If not, do nothing
2) if any of the groups saved had more original members than
sysdb members, check if members of these groups can be linked now
that all users and groups are saved using the orig_member
attribute of the group matched against originalDN member of the
user.
Related:
https://fedorahosted.org/sssd/ticket/2142