A
A
axeax2015-06-10 17:11:43
Active Directory
axeax, 2015-06-10 17:11:43

Why does the user not see his group in AD?

The situation is this: there is a domain example.com. There are divisions: 1 - all computers, 2 - all users and groups.
Among the groups there is group A, which includes some users.
So, from a recent moment, the NEW users introduced into the "A" group no longer see themselves in the group, i.e. gpresult /V on the client shows that the user is only a member of the default groups (everyone, domain users, etc.), but there is no group A. But the server says that this user is in the group, and accordingly the client is a member of the group. All other users who were included in this group before yesterday see themselves there after updating the policy and after rebooting.
Multiple restarts of the client together with gpupdate do not help, I do not want to restart the server yet.
The server is accessible from the client by all ip and by all dns addresses. NTP is normal, the time is ticking correctly.
Additional information: server 2012r2, updates are disabled on it, Win7 clients (32|64), the number of users in the group is 22 (is there a limit?), group A is the global security group.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
axeax, 2015-06-11
@axeax

In short, I found where the problem was. I recently deleted one RODC, and on the same day I rolled out an update related to time zones on the servers, which caused sysvol replication to stop working. I rummaged through the entire registry, but it turned out that I just needed to clean up the DFS log and restart the service, apparently the PDC analyzes the logs for some reason and draws some conclusions ... i.e. RODC is not completely gone. After the done actions, everything worked.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question