I have a multi-domain organization with separate ADs. No trusts allowed between their ADs. Shared office spaces for their workers. What are the limitations to implementing Dynamic Segmentation for endpoints in an organization like this?
Are you referring to doing the job solely via Meraki integration? You could possibly leverage their AD integrated NPS (RADIUS) server and have them give back some kind of Filter-ID attribute that you could use to provide the correct Group Policy to specific endpoints.
On the other hand, having all your "clients" handing out their own specifics might not be a good idea in your case.
I'd probably go with using Cisco ISE as your central point of Authentication and Authorization that is connected to each of your clients' ADs (up to 50 currently). Leveraging their group structure, you could write specific policies that would be used to provide specific Meraki Group Policies to the endpoints.
Both possibilities are similar, but you'll have way more control (and way less administrative nightmares) with the second one. After all, there are so many topics to be taken into account further so that an easy answer is almost impossible to be given with the information you provided. 🙂
You can also do the same thing with Meraki WiFi. You could have a single SSID, and dynamically drop users into different VLANs. You could instead dynamically push a group policy for the user which would allow you to configure lots and lots of settings for them.
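The two designs discussed in the replies above (each client's own NPS returning a Filter-ID, versus one central authorization point mapping AD groups to a Meraki Group Policy or VLAN) differ mainly in who gets to decide the outcome. The following is an added example, not code from the thread or from Cisco/Meraki, showing the central decision as a small Python lookup keyed by the user's realm: each tenant's table doubles as its allow-list, so a group in one client's AD can never be mapped onto another client's policy, and anything unmapped falls back to a constructed "Quarantine" policy. The tenant realms, group names, VLAN id and policy names are constructed placeholders; the reply attributes are the standard ones (Filter-Id, and Tunnel-Type / Tunnel-Medium-Type / Tunnel-Private-Group-Id for VLAN assignment per RFC 3580). The UPN-style User-Name parsing is an assumption; down-level names would need a NetBIOS-to-realm map.

```python
"""Added example: central RADIUS authorization decision, keyed by tenant realm.

All tenants, groups, VLAN ids and policy names below are constructed for
illustration and are not taken from the thread.
"""
from __future__ import annotations

# Constructed per-tenant tables: AD group -> (kind, value). Each tenant's table is
# also its allow-list: a tenant can only ever be assigned outcomes listed under it.
TENANT_POLICY = {
    "corp-a.example": {
        "CorpA-Engineering": ("vlan", 110),
        "Domain Users": ("group_policy", "CorpA-Standard"),
    },
    "corp-b.example": {
        "Domain Users": ("group_policy", "CorpB-Standard"),
    },
}

# Group precedence: first match wins, so list the most specific groups first.
GROUP_PRECEDENCE = ["CorpA-Engineering", "Domain Users"]

# Constructed fallback policy name: least privilege when nothing matches.
QUARANTINE = {"Filter-Id": "Quarantine"}


def split_realm(user_name: str) -> tuple[str, str | None]:
    """Return (user, realm) from a UPN-style User-Name such as alice@corp-a.example.

    Assumes UPN form; down-level names (DOMAIN\\user) would need a NetBIOS->realm map.
    """
    user, sep, realm = user_name.rpartition("@")
    if not sep or not realm:
        return user_name, None
    return user, realm.lower()


def reply_attributes(kind: str, value) -> dict[str, str]:
    """Encode the chosen outcome as standard RADIUS reply attributes."""
    if kind == "vlan":
        # Dynamic VLAN assignment (RFC 3580 attribute set)
        return {
            "Tunnel-Type": "VLAN",
            "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(value),
        }
    if kind == "group_policy":
        # Meraki matches a named Group Policy against Filter-Id
        return {"Filter-Id": str(value)}
    raise ValueError(f"unknown outcome kind {kind!r}")


def authorize(user_name: str, ad_groups: set[str]) -> dict[str, str]:
    """Central decision: pick the outcome from the user's own tenant table only."""
    _, realm = split_realm(user_name)
    table = TENANT_POLICY.get(realm or "")
    if table is None:
        return dict(QUARANTINE)  # unknown or missing realm
    for group in GROUP_PRECEDENCE:
        if group in ad_groups and group in table:
            return reply_attributes(*table[group])
    return dict(QUARANTINE)  # authenticated, but no mapped group


def accept_proxied_filter_id(realm: str, filter_id: str) -> dict[str, str]:
    """Guard for the other design, where a tenant's own NPS returns Filter-Id.

    Only values that tenant is entitled to are passed through; anything else
    (including another tenant's policy name) is downgraded to quarantine.
    """
    table = TENANT_POLICY.get(realm.lower(), {})
    allowed = {str(v) for kind, v in table.values() if kind == "group_policy"}
    if filter_id in allowed:
        return {"Filter-Id": filter_id}
    return dict(QUARANTINE)


if __name__ == "__main__":
    print(authorize("alice@corp-a.example", {"Domain Users", "CorpA-Engineering"}))
    print(authorize("bob@corp-b.example", {"Domain Users"}))
    print(accept_proxied_filter_id("corp-b.example", "CorpA-Standard"))
```

The per-tenant table is the point: with a central authorization server the operator owns the mapping, whereas with proxied Filter-ID values each client's NPS can name any policy, so the proxy has to enforce an allow-list like `accept_proxied_filter_id` or a misconfigured (or compromised) client NPS could place its endpoints into another tenant's segment.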