I spend a few hours with this problem and it could be useful for someone.
I’m using users and groups from AD. I created a special account for connecting to AD, this account was in group Domain Users. I expected that this group has rights to view all records in AD normally (and I can do it by this account). I have search filter for users and groups, which accepts only records which are members of one special group.
When I tried to login with my admin account I failed. When I used different account I could login but I saw only a few users.
After long investigation I uncover, that my account which connects to AD hasn`t enough rights. I used ldp tool from MS and found that without filter I receive all records correctly, but when I use filter on member field it works only for few records.