powered by Jive Software

Some AD users are missing from groups

Hi all.

I have a wierd case of users not showing up in groups.

The problem is that a few users (2 out of 10 in my case) in a group do NOT appear on the Jabber contact list for that shared group.

I am using Active Directory for user management and OpenFire is connecting to AD via LDAP. That works fine.

Everything works fine, except 3 users, that ARE in the groups in AD but not in OpenFire.

Can anyone help me out with this? How can i resolve this issue???

in your active directory group, are these users actually in that group, or are they in another group that is in the first group, a nested group? if so then that won’t work. nested groups is a weird way MS has extended membership and its not supported any where outside of AD.


are you pulling in more than 1000 users into openfire? if so than you are running into a hardcoded feature of active directory to only query for 1000 users.

You can change that 10,000 object limit via Group Policy. Go into Group Policy Object Editor and it’s under User Configuration\Administrative Templates\Desktop\Active Directory\Maximum size of Active Directory searches. The default value is 10,000 objects…

…I think I misunderstood you, Jason. You were probably referencing this: http://support.microsoft.com/?kbid=315071 You can change that(MaxPageSize) setting, as outlined in this M$ article.


Message was edited by: dankdub

The groups I use are secondary groups that I only use for OpenFire.

I organize users into these groups based on their department and location, then I use OpenFire to share these groups

to each other.

This has always worked before, suddenly users are not appearing in the groups when I view them through the OpenFire web interface.

I have approximately 40 users, so I don’t think i’m having problems with 1000 or 10.000 object limit.

Any other ideas???! I am a few days from dumping OpenFire completely due to this currently unresolved problem! :frowning:


Now I have users, that do appear in the groups in the OpenFire web interface, but do NOT get the shared roster. I can see

the user in the group, but when I click on “Roster”, the list is empty!

What is going on?

I wish I had a deeper bench of knowledge with this product to help you solve your issue. I’ve not encountered this issue thus far. Are the (3) new accounts?

hello. I’m having the very same problem. Some users are missing in contact list, although they are shown in group when viewing admin interface. Groups are not nested, and I certainly don’t have a thousand of users in Active Directory. The accounts are not newer than others. I honestly don’t know how they are different. Any suggestions?

Yes, this is a wierd issue.

This is most definatly a problem with the OpenFire system itself. No other systems using AD are having any problems.

This is STILL going on in my setup and I have not found any solution.

I am currently running version 3.6.4 that was installed from scratch a few weeks ago, the problem still persists.

Somebody please help us!

haven’t you tried to downgrade, by chance?

oh, I seem to get rid of the problem just now! I’ve been asked to make “displayName” show in roaster instead of “cn”. So I switched them in admin interface, then went to Server > Server manager > Cache Summary and flushed all the caches. Connect to server… and voilà, problem’s gone! I guess some bad caching or something.

I had the same problem a time ago, see how a get a palliative solution: