You are seeing errors in the Enforce console under System -> Settings -> Directory Connections -> [connection name] -> Index and Replication Status.
This may cause AD-based group rules and exceptions to stop working correctly.
In the localhost log:
]; nested exception is javax.naming.NameNotFoundExcep
An object is searched for with an exact query, for example:
If the object has been moved or deleted, the AD query no longer resolves, and the affected objects show a red cross against them in the group details:
The solution involves two steps:
A) Eliminate the bad references in the User Groups:
B) Add an error threshold, so that a new version of the index is still created even if some items remain unresolved. NOTE: Use this option if you see a consistent number of unresolved items that you cannot eliminate with step A.
# The percentage of corrupted and ignored records allowed for active directory index
In rare circumstances, the LDAP request returns an Active Directory record that the indexing logic cannot process, which breaks the index; a threshold value was therefore implemented so that such records can be ignored.
# Number of attempts to reconnect to active directory service
The Enforce LDAP client may drop the connection in the middle of indexing, resulting in a rejected index. Because indexing can take hours, reconnection logic was implemented: the indexer reconnects the number of times specified in the property before terminating.
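As an added example (not code from the original article or from the Enforce product), the following Python script scans localhost log text for NameNotFoundException entries, collects the distinct DNs that could not be resolved (the candidates to clean up in step A), and applies a percentage threshold in the spirit of step B. The log line layout and the "remaining name '<DN>'" phrasing are assumptions modelled on how JNDI reports this exception; the sample lines are constructed, and the threshold semantics (accept when the unresolved share is at or below the allowed percentage) are likewise assumed.

```python
import re
from collections import Counter

# Constructed sample lines in the style of the Enforce "localhost" log. The layout
# and the "remaining name '<DN>'" phrasing are assumptions modelled on how JNDI
# reports javax.naming.NameNotFoundException, not text taken from a real system.
SAMPLE_LOG = """\
2024-01-10 02:15:01 INFO  DirectoryIndexer: indexing group CN=Finance,OU=Groups,DC=corp,DC=example
2024-01-10 02:15:02 WARN  DirectoryIndexer: member lookup failed; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=Users,DC=corp,DC=example' ]; remaining name 'CN=Jane Doe,OU=Users,DC=corp,DC=example'
2024-01-10 02:15:03 INFO  DirectoryIndexer: indexing group CN=Engineering,OU=Groups,DC=corp,DC=example
2024-01-10 02:15:04 WARN  DirectoryIndexer: member lookup failed; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=Groups,DC=corp,DC=example' ]; remaining name 'CN=Old Contractors,OU=Groups,DC=corp,DC=example'
2024-01-10 02:15:05 WARN  DirectoryIndexer: member lookup failed; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=Groups,DC=corp,DC=example' ]; remaining name 'CN=Old Contractors,OU=Groups,DC=corp,DC=example'
2024-01-10 02:15:06 WARN  DirectoryIndexer: transient failure; nested exception is javax.naming.CommunicationException: connection reset
"""

# Matches the DN that JNDI reports after "remaining name" when an object no longer exists.
NOT_FOUND_RE = re.compile(r"javax\.naming\.NameNotFoundException:.*?remaining name '([^']+)'")


def unresolved_dns(log_text):
    """Return a Counter of DNs that raised NameNotFoundException, keyed by DN.

    Other naming exceptions (e.g. a dropped connection) are deliberately not counted,
    because they do not point at a stale reference in a User Group.
    """
    hits = Counter()
    for line in log_text.splitlines():
        match = NOT_FOUND_RE.search(line)
        if match:
            hits[match.group(1)] += 1
    return hits


def within_threshold(unresolved_count, total_count, percent_allowed):
    """Step-B style check (assumed semantics): the index is still accepted when the
    share of unresolved records is at or below the allowed percentage."""
    if total_count <= 0:
        return unresolved_count == 0
    return 100.0 * unresolved_count / total_count <= percent_allowed


def report(log_text, total_count, percent_allowed):
    """Build a human-readable summary: one line per stale DN, then the threshold verdict.

    total_count is the number of records the indexer processed (supplied by the caller,
    since the constructed log does not carry that figure).
    """
    hits = unresolved_dns(log_text)
    lines = [f"{dn}: {n} failure(s)" for dn, n in sorted(hits.items())]
    accepted = within_threshold(len(hits), total_count, percent_allowed)
    lines.append(
        f"unresolved objects: {len(hits)} of {total_count}; "
        f"index {'accepted' if accepted else 'rejected'} at {percent_allowed}% threshold"
    )
    return "\n".join(lines)


if __name__ == "__main__":
    # Two distinct stale DNs out of an assumed 50 records is 4%, so a 5% threshold accepts the index.
    print(report(SAMPLE_LOG, total_count=50, percent_allowed=5))
```

Each DN the script lists is one the directory no longer answers for; after those references are removed from the User Groups (step A), a re-run of the index should show the count dropping, and only a residual, stable count justifies raising the threshold (step B).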