Run a GPRESULT command on the PC of the user which you added to the group.
It will show you groups the user belongs to from the information in the
current access token and not directly from AD. This will help you see if the
group is being added at logon.

As well as replication latency, the problem could also exist because the user
is logging on with cached credentials if it can't contact a DC. This can
sometimes happen when using wireless clients, amongst other reasons.

Best regards
Joe Dunn
MCSE, MCTS, CCNA

"loneieagle" wrote:
> Replication took place in under a minute, even with two hops. So
> replication doesn't seem to be a problem. It's just if I add someone
> to a group (which also replicates quickly), they don't get the access
> they should be allowed for a while even after they log off and back
> on. It seems like a user cache is not getting updated when they re-
> logon. Is that possible?
>
> On Mar 17, 1:28 pm, "Santhosh Sivarajan" <santh...@online.ss-
> infrastructure.com> wrote:
> > Where is the user located? Are these users using the remote DC? If they
> > are using the remote DC, it could be a replication delay. Do you have any AD
> > replication issues?
> >
> > Create a new group from your main location and logon to a remote DC and
> > open ADUC. Can you see this Group? Just find out how long it will take to
> > replicate the new group to this DC. You can perform a force replication if
> > needed.
> >
> > --
> > Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA,
> > Network+
> > Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > "loneieagle" <b...@tds.net> wrote in message
> >
> > news:2d84c957-bcbf-49b1-9c11-...
> >
> >
> >
> > > We have a single domain with Active Directory running in 2003 mode.
> > > When we add a group to AD and add members to the group, the new group
> > > permissions take a long time to become effective, up to 24 hours. We
> > > have the user log off and back on.
> >
> > > Is there something that could be causing this? The AD and member
> > > server where the documents are that the user is trying to access are
> > > in the same rack with a 100MB switch. There are other DC's in the
> > > domain connected by VPN.
> >
> > > Any help would be appreciated.
> >
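Added example, not part of the original posts: a PowerShell version of the comparison Joe Dunn's reply describes, listing groups that AD resolves for the user now but that are missing from the access token built at logon. It assumes it is run in the affected user's session on a domain-joined machine; the variable names and the BUILTIN filter are choices made for this example.

```powershell
# Added example: run in the affected user's own logon session.
# Compares group SIDs in the current access token with the tokenGroups
# attribute that a domain controller computes for the same user right now.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.Groups | ForEach-Object { $_.Value })

# Bind to the user's AD object by SID. A failure here means no DC is
# reachable, which is also when a logon falls back to cached credentials.
try {
    $user = [ADSI]"LDAP://<SID=$($identity.User.Value)>"
    # tokenGroups is a constructed attribute; it must be requested explicitly.
    $user.psbase.RefreshCache(@('tokenGroups'))
}
catch {
    Write-Warning "Cannot query a domain controller: $($_.Exception.Message)"
    return
}

$adSids = @(foreach ($bytes in $user.psbase.Properties['tokenGroups']) {
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
})

# Assumption: BUILTIN (S-1-5-32-*) SIDs are skipped, because a DC and a
# workstation each resolve those against their own local groups.
$missing = @($adSids | Where-Object {
    $_ -notlike 'S-1-5-32-*' -and $tokenSids -notcontains $_
})

if ($missing.Count -eq 0) {
    'Every group AD reports for this user is present in the current logon token.'
}
else {
    'In AD but not in this logon token (logged on before the change, or with cached credentials):'
    foreach ($sid in $missing) {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        try   { "  $($sidObj.Translate([System.Security.Principal.NTAccount]).Value)" }
        catch { "  $sid (name could not be resolved)" }
    }
}
```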