AD Synchronize Roles Not Working
11/8/2007 5:47 PM
 

Erik wrote

It's a role.  I don't have anything in "Role Groups", except the default.

My AD structure is such:

Forest Level

Domain Level

Org. unit

Group ("PDWE-TimeSheetEntry")

Thanks Erik. One other thing I can see that might be causing it, and it's a bug that's been around since the original AD Provider. I see that you have it listed as Forest Level and then Domain Level. I'm assuming that means Forest Level (domain.com) and Domain Level (staff.domain.com) as an example. Which is the AD provider pointing to? domain.com or staff.domain.com? From what I remember from other posts, role synchronization wouldn't work properly unless it was pointing to the branch in the forest it belonged to (in this example dc=staff, dc=domain, dc=com). I haven't got the facilities currently to build a forest in that format so I haven't been able to test or try code around it.

 
11/12/2007 4:25 PM
 

That's a big issue because in many companies AD is organized in such a way. In mine too... and I have this same problem. We have two servers - Test and Production. Synchronization on the Test server has been working properly while Production hasn't. After analysis we found that the Test server doesn't have patch KB928365 (other differences were the Windows language version and Windows patches, but I don't believe this could have any influence). So, we uninstalled the whole framework and installed it again from scratch but without this KB, rebooting Windows twice in the meantime. This took effect, and synchronization worked... until the server had to be restarted. (I wrote a post about this KB but now I'm not sure whether my findings were correct)

I have no idea what could cause this problem. I tried to reinstall the AD provider, putting in the root domain field the name for Forest Level, Domain Level, leaving this field blank. Why does the synchronization work one time and not another? Hm...?

 
11/12/2007 5:42 PM
 

I can only speak on my experiences because it's darn near impossible, I think, to be able to match how everyone has set up their AD environment. Ours here at work was set up by another department and my test setup at home was set up by myself, and these are the observations I've made:

Multiple domains in the forest: I can't speak to this because I don't have such a setup but I do remember this has never worked quite right (users can log on but roles don't get synched). It's something that I do want to look at down the road but there are other issues that need to be taken care of first (child portals for example).

However, in a single domain setup, > 90% of the time the reason I've found for synchronization/DNN profile problems is related to impersonation (the local server's NETWORK SERVICE/ASPNET account can't read the active directory). I don't know if Tam's intention with the username/password on the setup page was intended to be the account that handles every interaction with the AD or if it was just for the initial setup. From what I've seen it's just the initial setup and Tam's not available to ask. I've yet to explore if it can be used for every interaction (another thing on my list).

That said, what I'd try to do is to uncomment <identity impersonate="true" /> from your production web.config and change it so that it looks like this: <identity impersonate="true" userName="domain\username" password="password" />. The user can be any domain user who has read access to the AD (all domain users do I believe) and it doesn't have to have any special administrator rights. That user does have to have the same permissions to the DNN directory that NETWORK SERVICE/ASPNET does however. I suspect in your situation that the access rights between the two AD installs (Test and Production) are different.
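
An added example, not part of the original posts and not DNN code: the web.config change suggested above stores a domain account password in clear text, so this PowerShell check classifies how an `<identity>` element carries its credential. The function name, result labels and sample XML are constructed for illustration, and `/YourDnnSite` is a placeholder.

```powershell
# Added example (not from the thread): classify how a web.config <identity>
# element carries the impersonation credential. All sample XML is constructed.
function Get-IdentityCredentialState {
    param([Parameter(Mandatory)][string]$WebConfigXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($WebConfigXml)
    # Assumes the usual web.config with no default XML namespace on <configuration>.
    $node = $doc.SelectSingleNode('/configuration/system.web/identity')

    if ($null -eq $node) { return 'NoIdentityElement' }
    # A protected section keeps only this attribute plus an <EncryptedData> child.
    if ($node.HasAttribute('configProtectionProvider')) { return 'EncryptedSection' }
    if ($node.GetAttribute('impersonate') -ne 'true') { return 'ImpersonationOff' }

    $password = $node.GetAttribute('password')
    # impersonate="true" without credentials uses the identity IIS passes in
    # (the authenticated user or the anonymous account).
    if ([string]::IsNullOrEmpty($password)) { return 'ImpersonateCaller' }
    # aspnet_setreg stores the secret in the registry and leaves a reference here.
    if ($password -like 'registry:*') { return 'RegistryReference' }
    return 'PlaintextPassword'
}

$samples = [ordered]@{
    'commented out (default)' = '<configuration><system.web><!-- <identity impersonate="true" /> --></system.web></configuration>'
    'as written in the reply' = '<configuration><system.web><identity impersonate="true" userName="domain\username" password="password" /></system.web></configuration>'
    'after aspnet_regiis -pe' = '<configuration><system.web><identity configProtectionProvider="RsaProtectedConfigurationProvider"><EncryptedData /></identity></system.web></configuration>'
}

foreach ($name in $samples.Keys) {
    '{0,-26} {1}' -f $name, (Get-IdentityCredentialState -WebConfigXml $samples[$name])
}

# To move a PlaintextPassword result to EncryptedSection, run on the web server
# ("/YourDnnSite" is a placeholder for the site's virtual path):
#   aspnet_regiis.exe -pe "system.web/identity" -app "/YourDnnSite"
```

To audit a real site, pass the file contents with `Get-Content -Raw` on its web.config instead of the constructed samples.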

 