I was banging my head against the wall over this one for a few days. There was a particular AD security group (over 1000 users) that sharepoint could not resolve. Nothing about it (so I thought) was different than any of the groups that sharepoint could resolve. Same setup, OU and everything. Finally, I realized that the Alias name was not the same as the standard object name which is called the "Pre-Windows 2000" name in Active Directory. In 99% of all the cases, these are the same. For some reason,...