Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD membership not synced into DNN security rolesAD membership not synced into DNN security roles
Previous
 
Next
New Post
8/21/2008 1:15 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

With the .04 version the user only gets removed if it doesn't detect that the user is part of the AD group (the .03 version removes the users from all groups and then adds them back again which can cause timeouts on AD's that have a large number of groups) so it looks like it's not able to read the user's memberOf property or it's not being returned to the server.

The account that's used to talk to the AD is the impersonation line (that's why it's needed). A future version is going to get rid of that (the whole provider requires a re-write to get it up to .NET 2.0 standards at minimum).

So my question here is: Just to verify, are the AD groups Security groups and not Distribution groups?

What you could try is a program called LDAPBrowser on the server (seeing that's the system that's having problems) and connect to the AD with the same user that you're using for impersonation. Then browse to one of the users and see if anything is gstting returned for the memberOf field. That'll help narrow down where the problem is.
 
New Post
8/21/2008 4:46 AM
 
AndrewF

Joined: 8/12/2008
Posts: 7

Definately security groups.

LDAPBrowser returns the memberOf field(s) fine without problem.

For some strange reason one newly created role/group sync's fine however other new ones won't (along with the existing ones). Another thing I've tried is to increase the permissions on the account I'm using for impersonation to have full Admin rights to the server and also higher rights to the Active Directory, both to no avail. The account used for the impersonation is the same as the one on my own WinXP machine (where it all works beautifully). 

 
 
New Post
8/21/2008 10:19 AM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

I'm at a loss Andrew as I can't recreate the problem on any of the operating systems I have available to me (XP, Vista, Server 2000/2003). If I can't recreate it I can't debug it.

 
New Post
8/22/2008 12:17 AM
 
AndrewF

Joined: 8/12/2008
Posts: 7

Hi Mike

Thanks for your help so far but I've found something that gets it to work on my 2003 Server. If I change the groups scope to Universal it works! If I change it back to Global then it stops working. I've forgotten what the exact differences are between the three scopes (Domain Local, Global & Universal) but I seem to remember it being something to do with the Global Catalog.

Any ideas?

I'm wary of changing all of my groups to Universal in case it causes further ramifications.

TIA Andrew
 
New Post
8/22/2008 2:56 AM
 
AndrewF

Joined: 8/12/2008
Posts: 7

Also the server is R2 which had a bunch of security updates so I wonder if there's something extra I should have done?
 
 Page 6 of 7
Previous123...567Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthenticationAD membership not synced into DNN security rolesAD membership not synced into DNN security roles


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out