Bug 12176 - wbinfo doesn't show member users of a group any more
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.2.14
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2016-08-25 13:35 UTC by Piviul
Modified: 2016-08-29 06:22 UTC

Description Piviul 2016-08-25 13:35:51 UTC
The --group-info option of the wbinfo command doesn't show the member users of the group.

For example this is the result of the "domain users" group:

$ wbinfo --group-info dominiocsa\\domain\ users
DOMINIOCSA\domain users:x:10513:

but there are 123 user members of the "domain users" group:

$ for u in $(wbinfo -u); do id -G "$u"; done | grep -c 10513
123

Piviul
Comment 1 Stefan Metzmacher 2016-08-28 15:50:34 UTC
See smb.conf:

winbind expand groups (G)

           This option controls the maximum depth that winbindd will traverse when flattening nested group memberships of Windows domain groups. This is
           different from the winbind nested groups option which implements the Windows NT4 model of local group nesting. The "winbind expand groups"
           parameter specifically applies to the membership of domain groups.

           Be aware that a high value for this parameter can result in system slowdown as the main parent winbindd daemon must perform the group unrolling
           and will be unable to answer incoming NSS or authentication requests during this time.

           The default value was changed from 1 to 0 with Samba 4.2. Some broken applications calculate the group memberships of users by traversing groups,
           such applications will require "winbind expand groups = 1". But the new default makes winbindd more reliable as it doesn't require SAMR access to
           domain controllers of trusted domains.

           Default: winbind expand groups = 0
Comment 2 Piviul 2016-08-29 06:22:41 UTC
Thank you very much Stefan, that solved the problem!

Piviul
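
Added example, not part of the bug thread or of Samba's code: with "winbind expand groups = 0" a tool that reads the member field of a group entry sees nobody, while a per-user lookup (what `id -G` does) still resolves the membership. The sketch below lists the users an application relying on the member list would miss; the group line is the one from the report, the user names and gid lists are constructed, and all function names are hypothetical.

```python
"""Compare group membership seen by member-list traversal with per-user lookup."""
import grp
import os
import pwd


def parse_group_entry(line):
    """Parse 'name:passwd:gid:m1,m2' (wbinfo --group-info / getent group format)."""
    name, _passwd, gid, members = line.rstrip("\n").split(":", 3)
    return name, int(gid), {m for m in members.split(",") if m}


def hidden_members(group_line, user_gids):
    """Users whose gid list contains the group but who are absent from its member list.

    user_gids maps a user name to the set of numeric gids `id -G` prints for it.
    An access check that only traverses the member list would miss these users.
    """
    _name, gid, listed = parse_group_entry(group_line)
    return sorted(u for u, gids in user_gids.items() if gid in gids and u not in listed)


def live_user_gids(user):
    """Per-user lookup through NSS, the same data `id -G <user>` prints."""
    return set(os.getgrouplist(user, pwd.getpwnam(user).pw_gid))


def live_group_line(group):
    """Rebuild the passwd-style line from a live NSS group lookup."""
    g = grp.getgrnam(group)
    return f"{g.gr_name}:{g.gr_passwd}:{g.gr_gid}:{','.join(g.gr_mem)}"


# Group line copied from the bug report; user names and gid lists are constructed.
GROUP_LINE = "DOMINIOCSA\\domain users:x:10513:"
SAMPLE_USER_GIDS = {
    "DOMINIOCSA\\alice": {10513, 11001},
    "DOMINIOCSA\\bob": {10513},
    "localsvc": {999},
}

if __name__ == "__main__":
    # Both domain users are members by gid, yet the member field lists neither.
    print(hidden_members(GROUP_LINE, SAMPLE_USER_GIDS))
```

On a domain member, `hidden_members(live_group_line(group), {u: live_user_gids(u) for u in users})` runs the same comparison against winbind through NSS.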