Not all AD users showing up in "Scope"

Oh, and it may or may not be related, but on our Casper server (running OS X 10.7.5) I am no longer able to open the JSSDatabaseUtil.jar. When I double click it nothing happens. Was going to try running some database repairs in the hopes of fixing the above issue.

Any ideas on this would also be greatly appreciated. Thanks!

In our environment, they don't show up unless that user has enrolled a device. Once they do, their AD credentials show up as a scope option in our list.

Tagging on to what @qhle373 said, you also have to make sure when you assign the device it is assigning to the AD account and not creating it's own local account. Happens if you misspell a username.

A vendor here reported that Apple's AD plugin has a 1,000 computer/user paging limit…that might be causing what you are seeing…I can send or post sources if you need more info…

I believe it affects OSX 10.7-10.10, but I haven't tested it in a while.

Ok, that makes sense. Thanks for the replies!

As for the 1,000 computer/user paging limit... that would explain why some issues I'm having with a local website I host from OS X Server and trying to use AD credentials to control who can access which pages. Is there any way around this 1,000 paging limit?

Yeah, I've seen this too. You can see it directly in the Directory Utility.app. Open the app, make sure the "in node" is set to your AD domain path, then change the "Viewing" to Users or Computers or any other item. After it scans you can see on the bottom of the window it will show "1,000 records" We have over 50k users in AD here, so its definitely not pulling all records - not by a long shot.

I don't know of a way around this limitation.

According to our vendors, Apple has yet to resolve it and it has been an issue with the Apple AD plugin for many years now….

@mattschenk I'd add the users to an AD group (in AD), & then limit access using that group.