Hi Saurabh
Haven't been able to work on this. Do you have any support issue open for this?
But here is an idea.
If you know the GID and UID when you are supposed to create the user, add UID into customfield1 and GUID into customfield2.
On template, use set and use rulestring %UCU01% for UID and for Primary Group set it to %UCU02%
Then on the endpoint, utilize ExitSetup.ini located in /opt/CA/IdentityManager/ProvisioningUnixAgent/etc and add a PreExit script that will take the GUID coming from Prov Server and add the group. But only do this if it is a create command.
Also add a post exit script that will delete the GUID if this is a delete command
Cheers, Atle