Active Directory Group Members don't match member attribute

Question

I'm working with a vendor who needs to use LDAP queries to pull information on our Active Directory. The query pulls from the 'members' attribute of the AD Group directly. However, it only pulls 8 of the 20+ users in this group. If I look at the group's Members tab, I can see all of the users, and they work without an issue. When I switch to the Attributes tab and scroll to the members entry to view the values, it shows only 8 of the users. The LDAP query only pulls these 8 and not the rest of the users.

How do I fix this so the attribute and members list match without deleting/recreating the group? If I delete and recreate it, it would take down our production environment.

I've tried removing and re-adding users to the group and it does not fix the issue.

Answer 1

Score: 1

I'm going to guess that this group is the primary group for the users that you don't see in the member attribute. Members don't appear in the member attribute if the group is the primary group. I don't know why this is... blame Microsoft.

To find those users, look at the primaryGroupToken of the group. It will be a number. Then search for users that have that value in their primaryGroupId attribute.

Usually, the primary group is the built-in Domain Users group, which always has a primaryGroupToken of 513. So to find users of that, you would use this LDAP query:

(primaryGroupId=513)

According to the documentation, the primaryGroupId attribute is indexed, so you don't need any other criteria.

If you want to learn more about how memberships work, I wrote an article a while ago about What makes a member a member?
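
The procedure the answer describes (read the group's primaryGroupToken, search for users whose primaryGroupId carries that value, and combine them with the group's `member` values), as an added Python example that is not part of the original question or answer. It derives the token from the group's binary objectSid, since primaryGroupToken is simply the RID (the last sub-authority of the group's SID), which lets the decoding be checked offline instead of depending on the constructed attribute. The `search` callable, the `sample_search` stand-in, the `SAMPLE_DIRECTORY` entries and the domain SID numbers are all constructed for this example; against a real domain you would wrap an ldap3 or python-ldap subtree search rooted at the domain DN in a function with the same signature.

```python
import re
import struct
from typing import Callable, Dict, List, Tuple

# An LDAP entry as (dn, attributes); attribute values are lists, as LDAP returns them.
Entry = Tuple[str, Dict[str, List[object]]]
# Minimal search interface assumed by this example: search(filter, attributes) -> entries.
SearchFn = Callable[[str, List[str]], List[Entry]]


def rid_from_sid(sid: bytes) -> int:
    """Return the RID (last sub-authority) of a binary objectSid.

    Layout: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes, big-endian), then N little-endian 32-bit sub-authorities.
    A group's primaryGroupToken is exactly this RID (513 for Domain Users).
    """
    if len(sid) < 8:
        raise ValueError("objectSid too short")
    revision, count = sid[0], sid[1]
    if revision != 1 or count == 0 or len(sid) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    return struct.unpack_from("<%dI" % count, sid, 8)[-1]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a DN taken from user input cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def full_group_membership(search: SearchFn, group_dn: str) -> List[str]:
    """Every user DN in the group: explicit `member` values plus the accounts whose
    primaryGroupId equals the group's RID, which never appear in `member`."""
    groups = search("(distinguishedName=%s)" % escape_filter_value(group_dn),
                    ["member", "objectSid"])
    if len(groups) != 1:
        raise LookupError("group not found: " + group_dn)
    _, attrs = groups[0]
    explicit = [str(m) for m in attrs.get("member", [])]
    token = rid_from_sid(bytes(attrs["objectSid"][0]))
    # primaryGroupId is indexed, so this single-term filter is cheap on a real DC.
    primary = [dn for dn, _ in search("(primaryGroupId=%d)" % token, ["distinguishedName"])]
    seen, merged = set(), []
    for dn in explicit + primary:  # de-duplicate defensively, keeping order
        if dn not in seen:
            seen.add(dn)
            merged.append(dn)
    return merged


# ---- constructed sample directory standing in for a live domain (not real data) ----

def make_sid(*sub_authorities: int) -> bytes:
    """Build a binary SID S-1-5-<sub_authorities...> for the sample entries."""
    count = len(sub_authorities)
    return (bytes([1, count]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % count, *sub_authorities))


DOMAIN = (21, 1111111111, 2222222222, 3333333333)  # hypothetical domain SID
SAMPLE_DIRECTORY: List[Entry] = [
    ("CN=Domain Users,CN=Users,DC=example,DC=com",
     {"objectSid": [make_sid(*DOMAIN, 513)],
      # Only accounts whose primary group is something else are listed in `member`.
      "member": ["CN=svc-vendor,OU=Service,DC=example,DC=com"]}),
    ("CN=alice,OU=Staff,DC=example,DC=com", {"primaryGroupId": [513]}),
    ("CN=bob,OU=Staff,DC=example,DC=com", {"primaryGroupId": [513]}),
    ("CN=svc-vendor,OU=Service,DC=example,DC=com", {"primaryGroupId": [9999]}),
]


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def sample_search(filt: str, attributes: List[str]) -> List[Entry]:
    """Stand-in for an LDAP search; supports only '(attr=value)' equality filters."""
    m = re.fullmatch(r"\((\w+)=(.+)\)", filt)
    if not m:
        raise ValueError("unsupported filter: " + filt)
    attr, value = m.group(1), _unescape(m.group(2))
    hits = []
    for dn, attrs in SAMPLE_DIRECTORY:
        candidates = [dn] if attr == "distinguishedName" else [str(v) for v in attrs.get(attr, [])]
        if value in candidates:
            hits.append((dn, {a: ([dn] if a == "distinguishedName" else attrs.get(a, []))
                              for a in attributes}))
    return hits


if __name__ == "__main__":
    for dn in full_group_membership(sample_search, "CN=Domain Users,CN=Users,DC=example,DC=com"):
        print(dn)
```

Against a real domain only the search wrapper changes; the two queries it issues are the group lookup and the `(primaryGroupId=<token>)` search, so a vendor integration that reads `member` alone will keep missing exactly the accounts the second query returns.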

huangapple
  • This post was published on 2023-02-09 03:41:27
  • Please keep this link when reprinting: https://go.coder-hub.com/75390957.html