I'm having trouble with role syncronization.  I understand that the roles currently sync only upon the first time a user logs on and the user account is created.  Any help/input is greatly appreciated.  Also, this is definitely not a demand...I found DNN about a week ago and am implementing it for my company's intranet so that I can spend some of my development time on another website redesign.  So far, I am loving DNN.  Anyway, here's a quick rundown of my settings.

DNN 3.2.2 on Win 2K3 server with IIS 6.0 and ASP.NET 1.1
Admin > Authentication settings
   WinAuth and SyncRole both checked
   Defaults and blanks for everything else
   All LDAP checks are sucessful...both domains on my network show properly

Admin > User Accounts
   None except for the admin account.  I've successfully authenticated with my network account, but haven't been successful in getting the roles to sync, so I just delete my account and try again with new settings.

Admin > Security Roles
   The default roles
   Two other roles to match an AD security group - names are in this format Doman\Groupname and Groupname.  Neither is set up to be public and neither is set up to automatically assign.

Web.config
   Using forms authentication

Login page has annonymous access unchecked.

I've tried several different naming conventions on the security roles.  After deleting my network account from DNN's user account page, I log off from the DNN admin account.  Then I close all browsers...clear all caches...and load the homepage.  The DNN site authenticates me properly...creates a new DNN account for my network user info...logs me in.  I then log out of my network account and log back in as admin.  Going to admin>user accounts, I see my newly created account with Domain\Username in the user list.  However, when I go to edit that new user account's roles, the DNN role has not been sync'ed with the AD role.

Once again, any input is appreciated.

Thanks!

Role synschronisation works if you have a Security Group in DNN with the exact same name as an Active Directory group and the user is a member of the group. DNN will not automatically create the groups that you are members of in Active Directory.

Nested Roles:

I've re-written all my code to handle this (i.e.- recurse through the members of a role until ti finds a match with the username) I'm just testing it but plan to put this back out to the community and get more involved in AD. Give me a week or so and I'll make the code available.

Other things I've done:

- Random passwords in the portal (it was not acceptable to me to expose the AD passwords to anyone)

- Moved the user registration into the Register model (Did not make sense to ask people to log in to register - that's what windowssign.aspx does.)

-  portal security settings are now not iignored (public, private none) and authorisation is back in place

- added a feature where an Administrator can add a user by simply typing the AD.

- if ADSI is enabled, do not show password reminder button.

I understand this.  As mentioned in my post, I created the Security Roles in DNN to match AD.  I am a direct member of one of the groups from AD that I tried.