Active Directory Index and Replication fails with "The active directory query returned an unknown error"
Article ID: 164997


Products

Data Loss Prevention Enforce

Issue/Introduction

User Groups are enabled for identity detection within a policy.
Detections are missed when User Groups are enabled.
Active Directory Index and Replication fails with "The active directory query returned an unknown error".
The Enforce log reports Protect Error 1019: Active directory query returned an unknown error, with one of the following underlying exceptions:
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000020EF: SvcErr: DSID-02051485, problem 5012 (DIR_ERROR), data 8333
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000020EF: SvcErr: DSID-02010575, problem 5012 (DIR_ERROR), data -1603

Cause

This error has been seen when the number of entries returned by the directory query exceeds the MaxPageSize LDAP administrative limit configured on the domain controller (default 1000 entries per page). The Windows extended error 000020EF in the exception is ERROR_DS_SIZELIMIT_EXCEEDED (8431 decimal), which is consistent with the query hitting that size limit. The limit is reached most easily when the directory connection uses a broad Base DN (for example the domain root) so that a single query matches more objects than one page can hold.

Resolution

Solution 1: Redefine the directory connection so that it targets a specific group or Organizational Unit, keeping each query below the MaxPageSize limit.
Within Enforce, perform the following steps:
  1. Create a new directory connection and specify a single Organizational Unit (one that contains fewer objects than MaxPageSize) as the Base DN.
  2. Create a new User Group.
  3. Using the new directory connection, add the specific groups to be monitored from within that Organizational Unit.
  4. Select "Reindex on Save" and save the User Group, then confirm that the Active Directory Index and Replication completes without Protect Error 1019.
Solution 2: Increase MaxPageSize in the Active Directory LDAP policy using the NTDSUTIL tool.
MaxPageSize is stored in the Default Query Policy in the forest Configuration partition, so a change made with ntdsutil applies to every domain controller in the forest that does not have its own query policy, and to every LDAP client, not only to Enforce. Larger pages mean more memory per query on each domain controller, so raise the value only as far as the Enforce query needs, and prefer Solution 1 where a narrower Base DN is workable. The change requires Domain Admin or Enterprise Admin rights; review "Show Values" output before committing.
REF: Ntdsutil - https://technet.microsoft.com/en-us/library/cc753343(v=ws.11).aspx
REF: LDAP policies - https://technet.microsoft.com/en-us/library/cc770976(v=ws.11).aspx
REF: MaxPageSize - Maximum number of entries returned in one page of an LDAP response (default 1000)

Suggested Change: MaxPageSize 1000 to 10000
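The following PowerShell is an added example, not part of this article and not Symantec/Broadcom code. It reads the current MaxPageSize from the Default Query Policy, counts how many objects the Enforce directory connection would return under its Base DN so you can tell whether an unpaged query will exceed the limit, lists child OUs with their object counts to help pick a narrower Base DN for Solution 1, and shows the ntdsutil command line for Solution 2. The domain controller name, Base DN and LDAP filter are assumed values; the RSAT ActiveDirectory module and Domain Admin rights (for the ntdsutil step) are assumed to be available.

```powershell
# Added example: diagnose and fix the MaxPageSize condition behind Protect Error 1019.
# Assumed values - replace with the server, Base DN and filter used by the Enforce
# directory connection (Enforce's actual filter may differ from this one).
Import-Module ActiveDirectory

$DcName = 'dc01.corp.example'                    # assumed domain controller
$BaseDN = 'OU=Users,DC=corp,DC=example'           # assumed Base DN of the directory connection
$Filter = '(objectClass=user)'                    # assumed LDAP filter

# 1. Read MaxPageSize from the forest-wide Default Query Policy.
#    lDAPAdminLimits is multi-valued, e.g. "MaxPageSize=1000".
$rootDse  = Get-ADRootDSE -Server $DcName
$policyDn = "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$limits   = (Get-ADObject -Identity $policyDn -Server $DcName -Properties lDAPAdminLimits).lDAPAdminLimits
$maxPageSize = [int](($limits | Where-Object { $_ -like 'MaxPageSize=*' }) -replace '^MaxPageSize=', '')
"Current MaxPageSize on $DcName : $maxPageSize"

# 2. Count the objects the query matches. Get-ADObject uses the paged-results
#    control internally, so this succeeds even above MaxPageSize and tells you
#    how far a single unpaged query would overrun the limit.
$count = (Get-ADObject -LDAPFilter $Filter -SearchBase $BaseDN -SearchScope Subtree `
            -Server $DcName -ResultPageSize 500 | Measure-Object).Count
"Objects matched under $BaseDN : $count"

if ($count -gt $maxPageSize) {
    Write-Warning "Result set ($count) exceeds MaxPageSize ($maxPageSize); an unpaged query will fail with the unknown error."

    # Solution 1 helper: show each direct child OU with its object count, so a
    # Base DN can be chosen that stays within one page.
    Get-ADOrganizationalUnit -Filter * -SearchBase $BaseDN -SearchScope OneLevel -Server $DcName |
        ForEach-Object {
            $n = (Get-ADObject -LDAPFilter $Filter -SearchBase $_.DistinguishedName `
                    -SearchScope Subtree -Server $DcName | Measure-Object).Count
            [pscustomobject]@{
                OU            = $_.DistinguishedName
                Objects       = $n
                FitsInOnePage = ($n -le $maxPageSize)
            }
        } | Format-Table -AutoSize
}
else {
    "Result set fits within MaxPageSize; look elsewhere for the cause."
}

# 3. Solution 2: raise MaxPageSize forest-wide with ntdsutil. Each argument is one
#    entry at the ntdsutil prompts; this is the interactive sequence written on one
#    line. Run as Domain/Enterprise Admin and check "show values" before committing.
#    Uncomment to apply:
# ntdsutil "ldap policies" connections "connect to server $DcName" quit "show values" "set maxpagesize to 10000" "commit changes" quit quit
```

After applying either fix, re-run step 2 against the new Base DN (Solution 1) or re-read MaxPageSize (Solution 2), then save the User Group with "Reindex on Save" and confirm the index completes without Protect Error 1019.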