As per support 20107516, it would be helpful for the OOTB UNIX connector to allow for the following with regard to Primary Group:
- Allow for the ability to dynamically assign a Primary Group. Currently the Primary Group is a hard-coded DN of a UNIX Group. This does not allow for the flexibility to manage the Primary Group through a single Account Template / Provisioning Role. While this can be achieved by updating the Account Templates in the Provisioning Directory, there are potential issues with this if people are not careful.
- Allow Primary Group to be assigned through GID and not just UNIX Group Name / Group DN as currently configured. Requiring Group Name would require a schema extension to create another attribute to store Group Name, whereas GID is already in the PosixAccount schema. So it seems a bit overkill to manage both if not required.
By extending the functionality as described above, less PX / Identity Policy logic will be required to assign or reassign users to the proper Primary UNIX Group, along with lessening the number of Provisioning Roles / Account Templates that would need to be created to manage Primary Groups across multiple UNIX endpoints.