#182724 - 2007-11-16 08:24 AM Group Cache
NearZero Offline
Fresh Scripter

Registered: 2007-11-16
Posts: 10
Hi,

I'm getting some weird results from group memberships.

Kix 4.5.3, Windows 2003 SBS, Client XP Pro SP2.

It makes no difference if I delete the group token cache (reg) or use /f.

So here's the problem... I enum the groups and I get groups I deleted 20 minutes ago. I rebooted the server, they still appear, I reboot my PC they still appear.

If I use VBScript and ADSystemInfo object, no problem, right groups.

This is driving me insane. I thought about GC cache but reboots should have fixed that issue, besides ADSystemInfo works fine.

Anyone know how Kix gets group memberships (method), so I could try and reproduce it?

Help :)

#182725 - 2007-11-16 08:55 AM Re: Group Cache [Re: NearZero]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
You need to check replication on your network or are you only running a single SBS server?

Please show the code you're using as well.

May have to also check your DNS with tool from MS DNSDIAG and maybe DCDIAG to ensure your AD is operating properly.

How many Servers, and how many Sites?

#182726 - 2007-11-16 10:12 AM Re: Group Cache [Re: NTDOC]
NearZero Offline
Fresh Scripter

Registered: 2007-11-16
Posts: 10
Hi NTDOC,

You can only have one DC in SBS.

Good news is I found the problem, sadly a piece of debug code I left in during a cut and paste, GRRRRR, one of those days. The script is over 800 lines, after so much testing I rather stupidly assumed all was ok.

Thanks :)

#182729 - 2007-11-16 11:17 AM Re: Group Cache [Re: NearZero]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
No worries. We all did that once or twice. Sh#t happens.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#182736 - 2007-11-16 01:41 PM Re: Group Cache [Re: NearZero]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
 Originally Posted By: NearZero
You can only have one DC in SBS.

You can have multiple DCs in SBS, but SBS must be the PDCe. Since SBS is designed for smaller networks, there are few real benefits to a second DC, but it is possible.

As for debug code...

 Code:
Global $DEBUG
$DEBUG = 1

; later in the code...

If $DEBUG
 ; do it this way
Else
 ; do it the real way
EndIf

works well for me. Search for the MSG() udf set here or on my web site for debug messaging/logging functions.

Glenn
_________________________
Actually I am a Rocket Scientist! :D

#182752 - 2007-11-16 11:11 PM Re: Group Cache [Re: Glenn Barnas]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
So then what does SBS recommend in case of a Server failure? Tough Luck? Rebuild entire AD ?
#182755 - 2007-11-17 12:46 AM Re: Group Cache [Re: NTDOC]
NearZero Offline
Fresh Scripter

Registered: 2007-11-16
Posts: 10
NTDOC, Barnas
I should have been a little more specific, you can have only one SBS Server within the domain, but you can have other servers. There are restrictions, but off topic.

Barnas, the offending line was a one off. Thanks but I have debug methods in place, screen and/or file.

The error was really stupid and the result of being tired, I should have hung up the keyboard earlier.

Cheers all

#182757 - 2007-11-17 03:40 AM Re: Group Cache [Re: NearZero]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
 Originally Posted By: NearZero
...There are restrictions, but off topic...
How can you be off topic in the off topic (Lounge) forum?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#182758 - 2007-11-17 01:27 PM Re: Group Cache [Re: NTDOC]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Not sure what SBS recommends, but Microsoft is another story.. ;)

SBS is really specialized - can only be one SBS in a domain, it must be the PDCe, and while it does support additional DCs, well, to quote their documentation:
  • You can install a computer as a BDC in an SBS domain, but there is minimal advantage in doing so. Because the SBS server must function as a PDC, the BDC only provides redundancy for authentication, not fault tolerance as in a traditional Windows NT domain where a PDC does not act as an applications server.
  • Using a BDC for load balancing: In a domain where there are 25 or fewer users, one domain controller, the PDC, can easily handle domain validation.
  • Logon scripts should be replicated to the BDC. In an environment where clients could be validated by a server other than the PDC, such as a BDC, all logon scripts should be replicated to the BDC or Client Setup will fail.
  • Using a BDC in case the PDC goes down: In an SBS domain, if the PDC goes down, whether or not the BDC is promoted, the users will be able to get validated. However, users will not be able to access applications other than those installed on the BDC, because none of the applications from an SBS server can be installed on any other server except the SBS server.
  • If the BDC is promoted and the SBS server needs to be reinstalled, it cannot be installed into the same domain as a BDC and then promoted because SBS installs as a PDC only. If the PDC ever is reinstalled without a full restore from a backup, the user accounts and machine accounts will have to be re-created and the BDC will need to be reinstalled to become a member of the new domain.

I guess, if you run SBS, you need redundant disk and good backups, eh?

Glenn
_________________________
Actually I am a Rocket Scientist! :D

#182769 - 2007-11-18 11:40 AM Re: Group Cache [Re: Glenn Barnas]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
 Originally Posted By: Glenn Barnas
I guess, if you run SBS, you need redundant disk and good backups, eh?



Wow, with all those caveats who would want to chance running their business on such a system. I think if I was THAT cheap I'd try to do it all on Linux or something.

If PDC took a dump (which could easily happen) and backups failed (which I've seen too many times in many businesses) you could kiss your business goodbye for a few days or maybe even altogether if you also lost important customer data with such a stupid setup.

#182770 - 2007-11-18 12:04 PM Re: Group Cache [Re: NTDOC]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
hmm...
the caveats are not totally true (if at all).
you can pause the SBS setup at one point and join it to domain as second DC.
why it's sooo bad to be forced to replicate logonscripts in multi DC environment?
I just wonder where glenn pulled that and did he check the writer of those was an educated person, not just some wacko at the marketing department.

and gee, wtf. with SBS you need proper backups? damn that MUST be a bad product!
with all the other servers, including windows and linux products run fine forever without backups. at least without proper ones. Doc, you of all should know better.


ok, I was a bit offensive, but I just woke up.
I have installed lots of SBS servers and I must admit, I don't like them that much. But I found the comments before mine were way biased.
_________________________
!

download KiXnet

#182773 - 2007-11-18 12:38 PM Re: Group Cache [Re: Lonkero]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
PDC and BDC are non-existing in 2003 domains :P
Although we still refer to them as PDC and BDC's they are just DC's. There is no real difference between them anymore, only difference you can actually specify is the Global Catalog roles.

#182775 - 2007-11-18 03:54 PM Re: Group Cache [Re: Lonkero]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
The info was copied/pasted from a MS KB article. I would assume that the writer was somewhat knowledgeable. As for PDC/BDC, the terms are used in reference to SBS in that the SBS server must be the DC that maintains the FSMO roles, and acts as the PDC Emulator (where appropriate). I installed SBS 2K3 "Enterprise" on my VM system and did not find any option to join an existing domain.

There is a process where you can halt the SBS install, join a domain, run DCPromo, then seize the FSMO roles and finally complete the SBS install, but SBS won't work (i.e. no install of all the other components such as SQL, Exchange, Sharepoint) unless the SBS server is the PDCe/FSMO role owner. This is how a "BDC" could help protect an SBS installation, but it's kludgy at best.

Glenn
_________________________
Actually I am a Rocket Scientist! :D

#182776 - 2007-11-18 10:07 PM Re: Group Cache [Re: Lonkero]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
I'm not complaining of backup. I'm complaining that a product that creates an AD infrastructure (so to speak) but does not allow another server to take over all roles and responsibilities is (IMHO) not a good choice.

I can see where it would be possible for such a disaster to put a "small" business "out of business". There are many small companies out there that could not survive (financially) a loss of everything like that.

The whole point is that a small company probably does not have any dedicated IT Staff and is probably installed by the owner him/herself and that's the end of it and they don't know better. I just think it's not a good choice.
