When performing an AD Sync to Sophos Central, either:
The Sophos Central AD Sync utility users the 'member' attribute of the group object in order to obtain the list of members.
Note: To see a list of users that will appear in a given group, an application such as Microsoft's utility AD Explorer could be used to view the value of the 'member' attribute.
The 'member' attribute is limited to 1500 entries; after which a new attribute called 'member;range=0-1499' is created, populated and the original 'member' attribute is cleared.
As a result of the above behavior, if a group is created in AD and more than 1500 objects are created before the first AD Sync, the corresponding Sophos Central group will not be created as the 'member' attribute will be empty.
If the number of objects added to the group, and thus the 'member' attribute exceeds 1500 after the group is created in Sophos Central, this 1500 limit is also applicable.
Applies to the following Sophos products and versions Sophos CloudSophos Cloud AD Sync Utility
Where possible ensure that the number of member objects of a group is limited to just user objects and is less than 1500.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.