Hi, Matthew.
Cache Refresh is, by design, a rather simple tool. It will request LDAP attributes you specify in "Source attributes" list, and will craft a local user entry using them (subject to mapping rules). So if you request "memberOf", you'll get the same list of values you would get with LDAP search for this user, nothing more.
For anything more complex than that, there is custom script for CR feature, where you can implement additional actions, inlcuding making additional searches for more group memberships.
>Apparently this a thing with AD. Is there anyway to turn use the LDAP_MATCHING_RULE_IN_CHAIN AD rule?
Interesting. I'll try to test it and let you know. Overall, I think we could make use of more flexibility in cofiguring what LDAP queries CR uses when searching for users.