Problem with bwdc forgetting groups

We use bwdc to sync our Active Directory into our self-hosted Bitwarden instance. We have a group in AD called ITG that has 3 staff in it. In Bitwarden this group is given Admin privileges, “This group can modify all items”. We also have another group called ‘bitwarden’ that is used by the bwdc filter to insert new users into Bitwarden. It seems that when a new user is added and a bwdc sync is done, two of the three users in the ITG group are removed from that group, even though the AD clearly shows them as being in that group.

I can add them back and they get access again, but they will be forgotten once a new user is added to the bitwarden group.

I think it’s a bug.

I think I figured out what is going on here. It seems that when the user's Primary Group is set in the AD, Bitwarden will not use that group for that user. In other words, in my case I had the Primary Group set to ‘ITG’ for the two users in the case above and Bitwarden did not include them in the group; the other user had the primary group set differently. This can be clearly seen when bwdc test is done: the users that have the primary group set do not appear in the member list for that group.

Now I’m not sure if this is a bug or expected behaviour for AD.
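
An added example, not part of the posts above and not bwdc code: Active Directory records a user's primary group in the user's primaryGroupID attribute (the group's RID) rather than in the group's member attribute, so a listing built only from member omits those users. The sketch below runs over constructed directory entries (all DNs, SIDs and names are made up) and reports who belongs to a group only through primaryGroupID, which is the set to review before granting that group privileges through a sync.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid (as LDAP returns it) into S-1-... form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:8 + 4 * count])  # little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def rid_of(raw: bytes) -> int:
    """The RID is the last sub-authority of the SID."""
    return int(sid_to_str(raw).rsplit("-", 1)[1])

def make_sid(*subs: int) -> bytes:
    """Build a binary SID for the constructed sample data below."""
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

# Constructed sample directory (assumption: hypothetical domain example.test).
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
ITG = "CN=ITG,OU=Groups,DC=example,DC=test"
GROUPS = {
    ITG: {"objectSid": make_sid(*DOMAIN, 1105),
          "member": ["CN=carol,OU=Staff,DC=example,DC=test"]},
}
USERS = [
    {"dn": "CN=alice,OU=Staff,DC=example,DC=test", "primaryGroupID": 1105},
    {"dn": "CN=bob,OU=Staff,DC=example,DC=test", "primaryGroupID": 1105},
    {"dn": "CN=carol,OU=Staff,DC=example,DC=test", "primaryGroupID": 513},
]

def membership_report(group_dn, groups, users):
    """Return (listed, primary_only): DNs in the member attribute, and DNs
    that belong to the group solely because primaryGroupID equals its RID."""
    group = groups[group_dn]
    rid = rid_of(group["objectSid"])
    listed = set(group["member"])
    via_primary = {u["dn"] for u in users if u["primaryGroupID"] == rid}
    return listed, via_primary - listed

if __name__ == "__main__":
    listed, primary_only = membership_report(ITG, GROUPS, USERS)
    print("in member attribute:", sorted(listed))
    print("primary group only :", sorted(primary_only))
```

With this sample data, two of the three ITG users appear only through primaryGroupID, matching the pattern described in the thread.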