Active Directory
sanglyb, 2019-04-05 15:10:12

Why is the user not a member of the AD group until two restarts?

Actually, something happened and now in the domain, if you change the user's membership in groups, these changes are not applied as always.
Previously, the user simply logged into the system and his account understood that he was in a group. Something happened right there, and now the changes reach the account only after two restarts.
At the same time, an interesting observation is that if the user was not previously in a changeable group, then changes occur during the first restart, but if he was already in this group, then only from the second.
If someone does not understand, I look at the status of the account's membership in groups using `gpresult /R`.
Question: in which direction should I dig? My head is already starting to boil. In the logs on the domain controller and the computer, everything is clean. As I understand it, after the first restart, for some reason, the Kerberos token stopped updating. But how do I check it and, most importantly, fix it?
This happened on all computers on the network.


2 answer(s)
sanglyb, 2019-05-24
@sanglyb

Understood. In Windows 10, something was changed, and the initialization of the network takes longer than with previous versions of the OS. The domain has a policy enabled by default to allow sign-in and group policy processing without waiting for the network.
In short, it turned out like this: the user logs in, the network is not initialized, and the data is taken from the local cache. The network appears, the cache is updated, but the user is already logged in, so you need to log in again so that the data is finally updated.
https://www.mytechnote.ru/article/dlya-primeneniya...
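
A way to check the situation described in this answer, as an added example that is not part of the original posts: the script compares the domain groups in the current logon token with what the directory reports now, and shows whether the "Always wait for the network at computer startup and logon" policy is enforced. It assumes a single domain, a reachable domain controller, and that it is run as the affected user; `Resolve-Sid` is a helper name chosen here.

```powershell
# Added example, not from the thread. Run as the affected user on the workstation.
# Assumes a single domain and a reachable domain controller.

# 1. Is "Always wait for the network at computer startup and logon" enforced by policy?
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sync = (Get-ItemProperty -Path $key -Name SyncForegroundPolicy -ErrorAction SilentlyContinue).SyncForegroundPolicy
if ($sync -eq 1) {
    'Policy set: logon waits for the network (SyncForegroundPolicy = 1).'
} else {
    'Policy not set: logon can complete from cached data before the network is up.'
}

# 2. Domain group SIDs in the token that was built when this session logged on.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$domainSid = $me.User.AccountDomainSid
$inToken   = @($me.Groups | ForEach-Object { $_.Value } | Where-Object { $_ -like "$domainSid-*" })

# 3. Domain group SIDs the directory computes right now (constructed attribute tokenGroups).
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$env:USERNAME))"
$entry    = $searcher.FindOne().GetDirectoryEntry()
$entry.psbase.RefreshCache(@('tokenGroups'))
$inDirectory = @($entry.psbase.Properties['tokenGroups'] | ForEach-Object {
    (New-Object System.Security.Principal.SecurityIdentifier($_, 0)).Value
} | Where-Object { $_ -like "$domainSid-*" })

# 4. Differences mean the session token is older than the directory state.
function Resolve-Sid($sid) {  # hypothetical helper: SID string -> DOMAIN\name
    $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $obj.Translate([System.Security.Principal.NTAccount]).Value
}
$missing = @($inDirectory | Where-Object { $inToken -notcontains $_ })
$stale   = @($inToken | Where-Object { $inDirectory -notcontains $_ })
$missing | ForEach-Object { "In directory, not in token: $(Resolve-Sid $_)" }
$stale   | ForEach-Object { "In token, not in directory: $(Resolve-Sid $_)" }
if (-not $missing -and -not $stale) { 'Token matches the directory.' }
```

`WindowsIdentity.Groups` leaves out deny-only SIDs, so from a non-elevated prompt under UAC, administrative groups can be reported as missing from the token.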

athacker, 2019-04-06
@athacker

Have you tried logging out the user and waiting a while before logging in again? I would bet that the changes have not yet been replicated by the first relogin, but by the time the user logs out and logs in a second time, everything is already flying.
