| Intrepid |
| (Fresh Scripter) |
| 2006-10-23 04:24 PM |
group name resolution in AD
|
My apologies if this post exists elsewhere, I did a search a could not find an answer.
I'm running kixstart in a AD structure.
Group names are not being resolved.
For example, look at this cmd
IF INGROUP("keng_i_drive")
use i: /DELETE /PERSISTENT
use i: "\\server\I"
ENDIF
Everything was working fine until I did a server migration this weekend. Part of that process included renaming the group from its old name to its present keng_I_drive. (I change the pre-2000 name to the same thing as well).
Now the I: is not being mapped. What's even more odd is, is that if I replace keng_I_drive w/ the old group name in the script, it DOES map... even though I renamed the group in ADUC!
Very very odd.
Furthermore, I created a new group this past weekend and it does not execute its drive mapping either. It is parsing the logon.kix file properly (I tested that in debug), but when it gets to the new group section, it just skips over it as if it does not exist. The new group does exist and I can resolve it (for instance, I can do a 'check name' on a folder in Windows for it and it does come up). (Both groups are global/security groups).
I don't understand:
1) how kix recognizes an OLD existing group name even tho I renamed it
2) how to get kix to recognize a newly created group even tho AD see its fine.
Again, my apologies if this is a repost. Any help would be appreciated.
| Intrepid |
| (Fresh Scripter) |
| 2006-10-23 04:38 PM |
Re: group name resolution in AD
|
A little bit more info..
The NEW group that isnt mapping at all goes like this in the script
Select
Case INGROUP("marg_everyone")
use k: "\\server\public"
use y: "\\server\dept"
use z: "\\server\msds$"
EndSelect
Now, in debug mode, I hit the opening "Select" line and it never gets to the INGROUP line.. it bypasses this whole section... I do not know why.. Other legacy groups in the "Select" section work fine..
Richard H.
|
| (KiX Supporter) |
| 2006-10-23 04:46 PM |
|
Re: group name resolution in AD
|
You need to flush the group token cache on *ALL* clients, either by using the "/f" switch, or by deleting the registry entry.
| Intrepid |
| (Fresh Scripter) |
| 2006-10-23 05:09 PM |
|
Re: group name resolution in AD
|
/f switch where? on what line?
|
Richard H.
|
| (KiX Supporter) |
| 2006-10-23 05:10 PM |
|
Re: group name resolution in AD
|
Read the "Group membership information" section in the KiXtart manual, which also has a warning note about changing group names...
| Intrepid |
| (Fresh Scripter) |
| 2006-10-23 05:20 PM |
|
Re: group name resolution in AD
|
right.. the /f seems to have resolved the renamed group issue..
it does not appear to have resolved the newly created group though (marg_everyone).. I will conduct some more tests and see if I can provide more information..
| Intrepid |
| (Fresh Scripter) |
| 2006-10-23 05:29 PM |
|
Re: group name resolution in AD
|
my apologies.. it appears the /f solved both issues.
You have been very helpful.. I am grateful
Thank you