#198407 - 2010-04-16 08:25 PM Issues with InGroup
Georges_K Offline
Getting the hang of it

Registered: 2005-02-17
Posts: 83
Loc: Chino, CA
Hello guys,
I'm running Kix 4.60 in one of my labs for the logins. The issue I'm describing right now is something that I randomly deal with when I'm using Kixtart, so if I can get an explanation as to why this happens, and how to resolve it, I would really appreciate it.

The issue is very simple, but frustrating. As part of a function, I'm using the InGroup keyword to check if the user belongs to a particular group in AD.
Out of the blue, the line:
If Ingroup("432-AllStudents") which used to return TRUE, is suddenly returning False, even though that particular account clearly belongs to the 432-AllStudents group. I do have many Domain Controllers in my environment, so that may put a kink in the explanation. However, I checked the logon server for that particular workstation, and the account information reflected also shows it belongs to the 432-AllStudents group.

I have tried to do : If InGroup("432-AllStudent",0) instead... just in case, but I get the same result.

1- Is there any method I can use to troubleshoot what KIX is doing to return a false result?
2- Could it be possible that KIX has a bug in the INGROUP command that may make it misbehave occasionally?

Any help would be greatly appreciated!!

p.s: I did try to put Kixtart 4.61 just for giggles, but I got the same result. I also tried to create a small script outside of the logic of my big login script that only has the If InGroup clause, and got the same results, so I know it's nothing in the logic of the script.

Thanks!

_________________________
Network Specialist
Chino Unified School District

#198408 - 2010-04-16 08:46 PM Re: Issues with InGroup [Re: Georges_K]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4562
Loc: USA
Try flushing the token cache: kix32 -f

If you have just added the user to the group, be sure to log off and back in, to get the security token.

If Win7 and W2k AD see: http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=196497#Post196497

If not Win7 what OS?
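
An added diagnostic sketch (not code posted by anyone in this thread) for the troubleshooting question in the first post: it prints the logon server and the group list KiXtart has resolved for the user next to the InGroup result, so a stale group list is visible at a glance. The group name is the one from the original post; the variable names are illustrative.

```kixtart
; Added example, not from the thread. Run it as the affected user.
; $Wanted is the group from the original post; other names are illustrative.
Break On
$Wanted = "432-AllStudents"

? "User:         " + @USERID
? "Domain:       " + @LDOMAIN
? "Logon server: " + @LSERVER
? "KiXtart:      " + @KIX

; InGroup returns 0 when KiXtart does not consider the user a member.
$Result = InGroup($Wanted)
? "InGroup(" + $Wanted + ") = " + $Result

; Walk the group list KiXtart holds for this user and look for the name.
; InStr is a substring match, so read the printed list to confirm the exact entry.
? "Groups as seen by KiXtart:"
$Index = 0
$Found = 0
Do
    $Group = EnumGroup($Index)
    If Len($Group) > 0
        ? "  [" + $Index + "] " + $Group
        If InStr($Group, $Wanted)
            $Found = 1
        EndIf
    EndIf
    $Index = $Index + 1
Until Len($Group) = 0

?
If $Result = 0 And $Found = 0
    ? "Group is absent from KiXtart's list for this user."
    ? "Compare with the account's membership in AD on " + @LSERVER + "."
    ? "If AD shows the membership, the cached list is stale:"
    ? "flush the token cache, then log off and back on."
Else
    ? "Group is present in KiXtart's list for this user."
EndIf
```

Writing this output to a log during logon gives a record of which logon server and group list were in effect when InGroup returned False.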

#198409 - 2010-04-16 09:07 PM Re: Issues with InGroup [Re: Allen]
Georges_K Offline
Getting the hang of it

Registered: 2005-02-17
Posts: 83
Loc: Chino, CA
UPDATE:
I was checking the contents of the token cache in the registry, and it didn't look like the group in question was listed in there. That group has been in AD for quite a while now, it hasn't been renamed or removed. Does anyone know why it wouldn't be up to date in the token cache?
I went ahead and ran kix32 /f to clear the cache, logged off, and back on, and the group showed up correctly this time.

Is there anything that I may be doing inadvertently that may be causing this behavior? Ideas?

btw, OS is Windows XP SP3, Running AD 2003 Server mode on that particular domain. The parent domain (forest root) is currently running in 2000 Native. (sorry, should've mentioned that first thing)
_________________________
Network Specialist
Chino Unified School District

#198410 - 2010-04-17 11:37 PM Re: Issues with InGroup [Re: Georges_K]
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
 Quote:
Is there anything that I may be doing inadvertently that may be causing this behavior? ideas?


Renaming a group is a classic gotcha. Because the GUID doesn't change, the KiXtart cache remains valid, so it doesn't trigger an update.

#198411 - 2010-04-18 05:30 AM Re: Issues with InGroup [Re: Richard H.]
Georges_K Offline
Getting the hang of it

Registered: 2005-02-17
Posts: 83
Loc: Chino, CA
I understand the reason behind the cache not updating if the GUID hasn't changed. However, in my case, the AD Security group in question had been in place and had not been renamed in months. The KIX script was successfully recognizing that group without any issues. Suddenly, out of the blue, that group was no longer in the cache, that's why I'm questioning the sporadic behavior of "INGROUP", and whether there may be another explanation as to what may have happened.
_________________________
Network Specialist
Chino Unified School District
