The settings have not changed; I used these exact same settings and the system previously enumerated all users from all domains.
I did downgrade to 3.8.2--which used to work perfectly--and it now too will not accept sub domains. So this seems to be something wrong in AD. An update maybe? I can see single subdomains when doing the following, but that does not help me:
Host: 1.1.2.1
Port: 389
Base DN: dc="sub",dc="domain",dc="local"
Administrator DN: cn="Administrator",cn="users",dc="sub",dc="domain",dc="local"
The *only* thing I can think of is about a month ago one of the sub domains was removed from AD. I could understand if that caused a problem reading old users...but with a fresh install of Openfire, I would also think that would resolve itself.