I'm having some problems with the target audiences I have set up in my SharePoint 2010 farm. I have set up a single rule for each target audience in Central Administration, pointing to a group in Active Directory. Up until a couple of weeks ago I had no problem using the people picker to look up AD grups and everything seemed to be working, but now I am suddenly not able to find any groups in AD.
The User Profile Synchronisation is running without any errors. I have already performed a full synchronisation and compiled all audiences with no luck. I have also checked the property called peoplepicker-searchadforests with stsadm and that appears to be correct as well. If I try and look up the same AD group in a peoplepicker on one of the site collections it is immediately displayed with no errors. All of the AD groups I'm using are global security groups and the ULS log contains no errors from when the target audience compilation started until it ended.
What puzzles me is that AD groups on our test environment can be found in the peoplepicker in Central Administration without any problems, despite the fact that the target audience rule fails with the message "Non-existent Membership group...". It would seem to me that SharePoint does not look up the security groups directly in AD but rather somewhere else - a lot of posts suggests that SharePoint stores information about target audience it in the ProfileDB but I haven't been able to find which table.
I know I'm leaving out a lot of other details but what I really need to know is how I can investigate this issue further, e.g. does SharePoint in fact look up the groups in the ProfileDB and if so from what table? Is there any kind of tool or technique I can use to actually see what happens in SharePoint from the moment I try and search for an AD group in the people picker?