Maybe it helps.
I had simillar issue. but i foud that i have only users cached in the OS.
I double checked settings about users in DataEncryption users, check the recursive option is selected.
Select this option caused that all users from the AD group was added to EEPC. Uncheck this option, and found that all non-cached users was removed.
Try to check this and let know if it helps