This is the case on my server as well. My guess is this is an Active Directory query issue. Namely, the default Users container is just that, a container or CN. Folders you create are OUs. Openfire cannot query within nested groups, and groups in Active Directory are CNs. You should create any groups you wish to query in an OU, and not use the Active Directory system-created groups. The system-created groups should remain in their original container.
Hmmm… in my plans I will put users into different OUs, but not all of them.
Then how do I get a group containing ALL users from the domain?
Btw, in “Users” I see all of them, but not in Domain Users. Users who are in another group have only the other groups in their properties, but no one has Domain Users.
Btw2, if it is as you say, then there should be a similar problem with the Domain Admins group, but I see its members fine.
Regardless of the fact that the restrictions on Domain Admins are completely different than Domain Users by default. OUs are not groups within the AD architecture. They are folders called organizational units. Your AD tree should be organized via OUs. It is bad form and quite limiting to keep users and computers in their default containers. You can either believe this or not. This is not an issue of Openfire IMO but a limitation of AD and your use of it.
I will try to explain this better because you do not seem to understand how AD LDAP functions.
OU = Organizational Unit - this structure is meant to hold containers such as Users, Computers, and Groups. The containers within this structure are what define your LDAP configuration based on your BaseDN.
BaseDN = Defined starting point for all LDAP queries. This starting point can include any number of nested OUs in conjunction with the domain. For example: OU=someOU2,OU=someOU1,DC=domain,DC=com.
CN = Containers - Containers in Active Directory consist of User Accounts, Bound Computers, Security and Distribution Groups, Users and Computers folders created by default by AD.
Now to answer your question specifically:
Create an OU; within that OU, create a Security Group. Make all user accounts in your Active Directory that should have access to chat members of this security group. Once this group replicates to Openfire, share this group. Please refer to these docs:
It really is key to set up your AD structure in an organized way. This will aid you with future LDAP integrations as well as policy enforcement and software deployment. See my image below for an example.
The most likely reason that the filter returns no one is that everyone in the Domain Users group has that set as their Primary Group. Active Directory stores this information in the user’s “PrimaryGroup” attribute as a number (the group’s PrimaryGroupToken attribute), and NOT in the memberOf attribute.
While what has been revealed is true, again these default AD groups are not meant to be used for LDAP. You need to do what I previously stated. Not to harp, but for your own security and management of your domain you need to make changes similar to what I proposed. You do not need to copy my structure, but you should make one other than the default containers. You are doing yourself a disservice otherwise.
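The behaviour discussed in this thread, as an added example that is not from any poster and is not Openfire's code: a memberOf-based group query evaluated over constructed directory entries, showing why Domain Users comes back empty while Domain Admins and a dedicated security group do not. It uses AD's `primaryGroupID` (user) and `primaryGroupToken` (group) attributes and the well-known RIDs 513 and 512; the domain `example.com`, the `Chat Users` group, its token 1105 and the `(objectClass=user)` base filter are assumptions.

```python
# Constructed sample directory (not real data); DNs and token 1105 are assumptions.
BASE = "DC=example,DC=com"
GROUPS = {
    f"CN=Domain Users,CN=Users,{BASE}": {"primaryGroupToken": 513},
    f"CN=Domain Admins,CN=Users,{BASE}": {"primaryGroupToken": 512},
    f"CN=Chat Users,OU=Groups,OU=Company,{BASE}": {"primaryGroupToken": 1105},
}
DU, DA, CHAT = GROUPS  # group DNs, in insertion order

# Every user keeps Domain Users as primary group, so it never appears in memberOf.
USERS = [
    {"sAMAccountName": "alice", "primaryGroupID": 513, "memberOf": [CHAT]},
    {"sAMAccountName": "bob", "primaryGroupID": 513, "memberOf": [CHAT, DA]},
    {"sAMAccountName": "carol", "primaryGroupID": 513, "memberOf": []},
]

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_filter(group_dn, include_primary=False):
    """Build the user search filter for one group's members."""
    clause = "(memberOf=%s)" % escape_filter_value(group_dn)
    if include_primary:
        token = GROUPS[group_dn]["primaryGroupToken"]
        clause = "(|%s(primaryGroupID=%d))" % (clause, token)
    return "(&(objectClass=user)%s)" % clause

def members(group_dn, include_primary=False):
    """Apply the same matching logic to the sample entries."""
    token = GROUPS[group_dn]["primaryGroupToken"]
    return sorted(
        u["sAMAccountName"] for u in USERS
        if group_dn in u["memberOf"]
        or (include_primary and u["primaryGroupID"] == token)
    )

if __name__ == "__main__":
    for dn in (DU, DA, CHAT):
        print(dn.split(",")[0], members(dn), members(dn, include_primary=True))
    print(member_filter(DU, include_primary=True))
```

Adding carol to `Chat Users` is the dedicated-group approach recommended above; the `primaryGroupID` clause is only needed when a query must cover the primary group itself.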