Group membership search breaks with Active Directory's automatic range limiting for large groups

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

  1. You are using Microsoft Active Directory

  2. Large groups from Active directory will not sync with Confluence but smaller ones will

  3. When synching larger groups from Active directory there is an additional 'range' value in the results

Cause

For performance reasons, Active Directory puts an automatic limit on LDAP queries: either 1000 results (on Windows 2000) or 1500 results (on Windows Server 2003). The correct way to retrieve results past this limit is to use the range option, as described at the link below.

Resolution

Upgrade Confluence to a version greater than or equal to 3.5. As per the bug report found at CONF-21981 this issue is fixed in version 3.5 of Confluence.

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSymptomsCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community