Sign in with
Sign up | Sign in
Your question

Active Directory Groups

Last response: in Windows 2000/NT
Share
Anonymous
June 23, 2005 8:46:01 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We've encountered a problem on a windows 2003 standard server in the domain
where users accessing the server's hosted application frequently get errors
regarding permissions. On further investigation in the 2k3 server, the logs
reveal that the users are connecting as members of a certain group, and not
the other, i.e.

Group1Users.Username and NOT
Group2Users.Username.

Some users are members of both groups, but the correct permissions are not
seen by the application/windows.

I would be glad for any advice and would elaborate further outside of the
newsgroup if necessary.

Thanks.
Anonymous
June 23, 2005 5:47:19 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Phil,

Not really sure what you are asking.

Do you want to check the group membership of both groups? Just to make sure
that each user account object is a member of the correct group(s)? This is
a fairly common question. A simple search in this news group ( or in the
WIN2003 news group ) will give you the howto: on that.

If you are asking about the specific application then I am not sure that
this is the correct approach. It might be better to contact the software
company directly to get some tech support from them.

As an aside, if user account objects are made members of a 'new' group then
they typically need to log off and then back on before their 'ticket'
reflects the membership of the 'new' group. But somehow I would not think
that this is the problem......I would ass/u/me that this has been considered
and addressed.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Phil B" <Phil B@discussions.microsoft.com> wrote in message
news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
> We've encountered a problem on a windows 2003 standard server in the
> domain
> where users accessing the server's hosted application frequently get
> errors
> regarding permissions. On further investigation in the 2k3 server, the
> logs
> reveal that the users are connecting as members of a certain group, and
> not
> the other, i.e.
>
> Group1Users.Username and NOT
> Group2Users.Username.
>
> Some users are members of both groups, but the correct permissions are not
> seen by the application/windows.
>
> I would be glad for any advice and would elaborate further outside of the
> newsgroup if necessary.
>
> Thanks.
Anonymous
June 29, 2005 12:49:04 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks for the reply, after some investigation I can elaborate further.

We use Rational Clearcase which sits on a win2k3 server. We've been
experiencing a few problems as of late which we have narrowed down to the
fact that some users/computers, upon checking their credentials (on the
client PC) you get a SID instead of a group, i.e. the group hasn't been
resolved. ClearCase then throws an error as the 'user' isn't a member of the
correct group (when it actually is, but it just hasn't been resolved).


"Cary Shultz [A.D. MVP]" wrote:

> Phil,
>
> Not really sure what you are asking.
>
> Do you want to check the group membership of both groups? Just to make sure
> that each user account object is a member of the correct group(s)? This is
> a fairly common question. A simple search in this news group ( or in the
> WIN2003 news group ) will give you the howto: on that.
>
> If you are asking about the specific application then I am not sure that
> this is the correct approach. It might be better to contact the software
> company directly to get some tech support from them.
>
> As an aside, if user account objects are made members of a 'new' group then
> they typically need to log off and then back on before their 'ticket'
> reflects the membership of the 'new' group. But somehow I would not think
> that this is the problem......I would ass/u/me that this has been considered
> and addressed.
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Phil B" <Phil B@discussions.microsoft.com> wrote in message
> news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
> > We've encountered a problem on a windows 2003 standard server in the
> > domain
> > where users accessing the server's hosted application frequently get
> > errors
> > regarding permissions. On further investigation in the 2k3 server, the
> > logs
> > reveal that the users are connecting as members of a certain group, and
> > not
> > the other, i.e.
> >
> > Group1Users.Username and NOT
> > Group2Users.Username.
> >
> > Some users are members of both groups, but the correct permissions are not
> > seen by the application/windows.
> >
> > I would be glad for any advice and would elaborate further outside of the
> > newsgroup if necessary.
> >
> > Thanks.
>
>
>
Anonymous
June 29, 2005 5:38:57 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Phil,

Thanks for the update. I guess that I would contact Rational Clearcase (
not familiar with that software ) to resolve this problem ( which I am sure
that you have already done / are in the process of doing ).

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Phil B" <Phil B@discussions.microsoft.com> wrote in message
news:610D20FE-94C3-4787-8E58-6FF6AEBCF51F@microsoft.com...
> Thanks for the reply, after some investigation I can elaborate further.
>
> We use Rational Clearcase which sits on a win2k3 server. We've been
> experiencing a few problems as of late which we have narrowed down to the
> fact that some users/computers, upon checking their credentials (on the
> client PC) you get a SID instead of a group, i.e. the group hasn't been
> resolved. ClearCase then throws an error as the 'user' isn't a member of
> the
> correct group (when it actually is, but it just hasn't been resolved).
>
>
> "Cary Shultz [A.D. MVP]" wrote:
>
>> Phil,
>>
>> Not really sure what you are asking.
>>
>> Do you want to check the group membership of both groups? Just to make
>> sure
>> that each user account object is a member of the correct group(s)? This
>> is
>> a fairly common question. A simple search in this news group ( or in the
>> WIN2003 news group ) will give you the howto: on that.
>>
>> If you are asking about the specific application then I am not sure that
>> this is the correct approach. It might be better to contact the software
>> company directly to get some tech support from them.
>>
>> As an aside, if user account objects are made members of a 'new' group
>> then
>> they typically need to log off and then back on before their 'ticket'
>> reflects the membership of the 'new' group. But somehow I would not
>> think
>> that this is the problem......I would ass/u/me that this has been
>> considered
>> and addressed.
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24012
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "Phil B" <Phil B@discussions.microsoft.com> wrote in message
>> news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
>> > We've encountered a problem on a windows 2003 standard server in the
>> > domain
>> > where users accessing the server's hosted application frequently get
>> > errors
>> > regarding permissions. On further investigation in the 2k3 server, the
>> > logs
>> > reveal that the users are connecting as members of a certain group, and
>> > not
>> > the other, i.e.
>> >
>> > Group1Users.Username and NOT
>> > Group2Users.Username.
>> >
>> > Some users are members of both groups, but the correct permissions are
>> > not
>> > seen by the application/windows.
>> >
>> > I would be glad for any advice and would elaborate further outside of
>> > the
>> > newsgroup if necessary.
>> >
>> > Thanks.
>>
>>
>>
!