Page 2 of 2 <12
Topic Options
#151856 - 2005-11-26 09:18 PM Re: If ingroup error
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
You need to be careful. If memory serves, there can be a conflict with GC and the IM FSMO role.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#151857 - 2005-11-26 09:23 PM Re: If ingroup error
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Further reading:
http://support.microsoft.com/default.aspx?scid=kb;en-us;197132
Quote:

Infrastructure FSMO Role
When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.

NOTE: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server(GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log.




_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#151858 - 2005-11-26 10:17 PM Re: If ingroup error
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
That is for a multi domain setup. Logging in security events would show who changed any settings, but unless you're saving your logs it would still be quite a pain to locate who changed it and when unless it was recently done.

How many Admins at your site have rights to modify core AD settings?

Top
#151859 - 2005-11-26 11:40 PM Re: If ingroup error
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I did say "can" and not "most definately will" since there is no mention of the AD design. We run an empty root domain model where the resource domain hold all the domain admins, protecting our root.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#177942 - 2007-07-13 09:33 PM Re: If ingroup error [Re: Les]
AllOne Offline
Lurker

Registered: 2007-07-13
Posts: 1
I found the fix to have to add "= 0" to your if statement. Read the following site http://www.scriptlogic.com/kixtart/htmlhelp/functions/ingroup.htm

and note:

0 InGroup checks for membership of ONE of the groups in the list (default)

Top
#177943 - 2007-07-13 09:36 PM Re: If ingroup error [Re: AllOne]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
you are joking, right?
_________________________
!

download KiXnet

Top
#177944 - 2007-07-13 09:50 PM Re: If ingroup error [Re: Lonkero]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
LOL
I think he's serious. :\
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
Page 2 of 2 <12


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.046 seconds in which 0.017 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org