Active Directory Groups

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We've encountered a problem on a windows 2003 standard server in the domain
where users accessing the server's hosted application frequently get errors
regarding permissions. On further investigation in the 2k3 server, the logs
reveal that the users are connecting as members of a certain group, and not
the other, i.e.

Group1Users.Username and NOT
Group2Users.Username.

Some users are members of both groups, but the correct permissions are not
seen by the application/windows.

I would be glad for any advice and would elaborate further outside of the
newsgroup if necessary.

Thanks.
3 answers Last reply
More about active directory groups
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Phil,

    Not really sure what you are asking.

    Do you want to check the group membership of both groups? Just to make sure
    that each user account object is a member of the correct group(s)? This is
    a fairly common question. A simple search in this news group ( or in the
    WIN2003 news group ) will give you the howto: on that.

    If you are asking about the specific application then I am not sure that
    this is the correct approach. It might be better to contact the software
    company directly to get some tech support from them.

    As an aside, if user account objects are made members of a 'new' group then
    they typically need to log off and then back on before their 'ticket'
    reflects the membership of the 'new' group. But somehow I would not think
    that this is the problem......I would ass/u/me that this has been considered
    and addressed.

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "Phil B" <Phil B@discussions.microsoft.com> wrote in message
    news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
    > We've encountered a problem on a windows 2003 standard server in the
    > domain
    > where users accessing the server's hosted application frequently get
    > errors
    > regarding permissions. On further investigation in the 2k3 server, the
    > logs
    > reveal that the users are connecting as members of a certain group, and
    > not
    > the other, i.e.
    >
    > Group1Users.Username and NOT
    > Group2Users.Username.
    >
    > Some users are members of both groups, but the correct permissions are not
    > seen by the application/windows.
    >
    > I would be glad for any advice and would elaborate further outside of the
    > newsgroup if necessary.
    >
    > Thanks.
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thanks for the reply, after some investigation I can elaborate further.

    We use Rational Clearcase which sits on a win2k3 server. We've been
    experiencing a few problems as of late which we have narrowed down to the
    fact that some users/computers, upon checking their credentials (on the
    client PC) you get a SID instead of a group, i.e. the group hasn't been
    resolved. ClearCase then throws an error as the 'user' isn't a member of the
    correct group (when it actually is, but it just hasn't been resolved).


    "Cary Shultz [A.D. MVP]" wrote:

    > Phil,
    >
    > Not really sure what you are asking.
    >
    > Do you want to check the group membership of both groups? Just to make sure
    > that each user account object is a member of the correct group(s)? This is
    > a fairly common question. A simple search in this news group ( or in the
    > WIN2003 news group ) will give you the howto: on that.
    >
    > If you are asking about the specific application then I am not sure that
    > this is the correct approach. It might be better to contact the software
    > company directly to get some tech support from them.
    >
    > As an aside, if user account objects are made members of a 'new' group then
    > they typically need to log off and then back on before their 'ticket'
    > reflects the membership of the 'new' group. But somehow I would not think
    > that this is the problem......I would ass/u/me that this has been considered
    > and addressed.
    >
    > --
    > Cary W. Shultz
    > Roanoke, VA 24012
    > Microsoft Active Directory MVP
    >
    > http://www.activedirectory-win2000.com
    > http://www.grouppolicy-win2000.com
    >
    >
    >
    > "Phil B" <Phil B@discussions.microsoft.com> wrote in message
    > news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
    > > We've encountered a problem on a windows 2003 standard server in the
    > > domain
    > > where users accessing the server's hosted application frequently get
    > > errors
    > > regarding permissions. On further investigation in the 2k3 server, the
    > > logs
    > > reveal that the users are connecting as members of a certain group, and
    > > not
    > > the other, i.e.
    > >
    > > Group1Users.Username and NOT
    > > Group2Users.Username.
    > >
    > > Some users are members of both groups, but the correct permissions are not
    > > seen by the application/windows.
    > >
    > > I would be glad for any advice and would elaborate further outside of the
    > > newsgroup if necessary.
    > >
    > > Thanks.
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Phil,

    Thanks for the update. I guess that I would contact Rational Clearcase (
    not familiar with that software ) to resolve this problem ( which I am sure
    that you have already done / are in the process of doing ).

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "Phil B" <Phil B@discussions.microsoft.com> wrote in message
    news:610D20FE-94C3-4787-8E58-6FF6AEBCF51F@microsoft.com...
    > Thanks for the reply, after some investigation I can elaborate further.
    >
    > We use Rational Clearcase which sits on a win2k3 server. We've been
    > experiencing a few problems as of late which we have narrowed down to the
    > fact that some users/computers, upon checking their credentials (on the
    > client PC) you get a SID instead of a group, i.e. the group hasn't been
    > resolved. ClearCase then throws an error as the 'user' isn't a member of
    > the
    > correct group (when it actually is, but it just hasn't been resolved).
    >
    >
    > "Cary Shultz [A.D. MVP]" wrote:
    >
    >> Phil,
    >>
    >> Not really sure what you are asking.
    >>
    >> Do you want to check the group membership of both groups? Just to make
    >> sure
    >> that each user account object is a member of the correct group(s)? This
    >> is
    >> a fairly common question. A simple search in this news group ( or in the
    >> WIN2003 news group ) will give you the howto: on that.
    >>
    >> If you are asking about the specific application then I am not sure that
    >> this is the correct approach. It might be better to contact the software
    >> company directly to get some tech support from them.
    >>
    >> As an aside, if user account objects are made members of a 'new' group
    >> then
    >> they typically need to log off and then back on before their 'ticket'
    >> reflects the membership of the 'new' group. But somehow I would not
    >> think
    >> that this is the problem......I would ass/u/me that this has been
    >> considered
    >> and addressed.
    >>
    >> --
    >> Cary W. Shultz
    >> Roanoke, VA 24012
    >> Microsoft Active Directory MVP
    >>
    >> http://www.activedirectory-win2000.com
    >> http://www.grouppolicy-win2000.com
    >>
    >>
    >>
    >> "Phil B" <Phil B@discussions.microsoft.com> wrote in message
    >> news:E5CDE526-C535-4AFA-8DB8-46F5A8432F37@microsoft.com...
    >> > We've encountered a problem on a windows 2003 standard server in the
    >> > domain
    >> > where users accessing the server's hosted application frequently get
    >> > errors
    >> > regarding permissions. On further investigation in the 2k3 server, the
    >> > logs
    >> > reveal that the users are connecting as members of a certain group, and
    >> > not
    >> > the other, i.e.
    >> >
    >> > Group1Users.Username and NOT
    >> > Group2Users.Username.
    >> >
    >> > Some users are members of both groups, but the correct permissions are
    >> > not
    >> > seen by the application/windows.
    >> >
    >> > I would be glad for any advice and would elaborate further outside of
    >> > the
    >> > newsgroup if necessary.
    >> >
    >> > Thanks.
    >>
    >>
    >>
Ask a new question

Read More

Windows Server 2003 Servers Active Directory Permissions Windows