The problem is with LDAP, the selection is incomplete.
When I do the same with softterra ldap browser (same criteria) they are in the list.
I have looked at two different customers and both have more than 999 lines in the selection.
The problem is the [count] => 1000
This means that ONLY 1000 lines from the active directory are read and then it stops! This numer should be much bigger or endless.
The limit of 1000 tems is a page size set by the LDAP server, but it can be changed with these commands on the LDAP server:
ntdsutil: ldap policies
ldap policy: connections
server connections: connect to server x.x.x.x ( here a few messages regarding connectivity are displayed)
server connections : q
ldap policy : show values ( here we will see all the values including MaxPageSize which is 1000 currently)
ldap policy : set maxpagesize to 5000
ldap policy : commit changes
ldap policy : q
ntdsutil : q
Today the active directory has been modified and your right is now does about 1200 lines, de scope is set to 5000.