Did a sync on a windows 2008 R2 fully patched server (left it for 5 hours, it finished after 2)
no errors, sync is running, no pending actions.
Many users missing from “domain users” group, not all but maybe 10, even though it was confirmed they were in the group BEFORE the sync.
Also some groups are shown as being in other groups.
for example in the LDAP server “groups”-> Domain users-> advanced settings
Member of:
Membership in other groups…
“users”
BUT
if you go to the “users” group, “domain users” is NOT shown as a member…
Also if you go into “domain users” ->general tab
it shows the user members of the group,
but the “groups” window underneath is empty, surely it should show the group “users”,
since it has individual “users”
but if you go to the windows AD server it clearly shows “domain users” as part of the group.
as well as “domain admins”,“domain computers”,“domain guests”
etc…