#182724 - 2007-11-16 08:24 AM
Group Cache
|
NearZero
Fresh Scripter
Registered: 2007-11-16
Posts: 10
|
Hi,
I'am getting some weird results from group memberships.
Kix 4.5.3, Windows 2003 SBS, Client XP Pro SP2.
It makes no difference if I delete the group token cache (reg) or use /f.
So here's the problem... I enum the groups and I get groups I deleted 20 minutes ago. I rebooted the server, they still appear, I reboot my PC they still appear.
If I use VBSript and ADSystemInfo object, no problem, right groups.
This is driving me insane. I thought about GC cache but reboots should have fixed that issue, besides ADSystemInfo works fine.
Anyone know how Kix gets groupmemberships (method), so I could try and reproduce it.
Help
|
Top
|
|
|
|
#182726 - 2007-11-16 10:12 AM
Re: Group Cache
[Re: NTDOC]
|
NearZero
Fresh Scripter
Registered: 2007-11-16
Posts: 10
|
Hi NTDOC,
You can only have one DC in SBS.
Good news is I found the problem, sadly a piece of debug code I left in during a cut and paste, GRRRRR, one of those days. The script is over 800 lines, after so much testing I rather stupidly assumed all was ok.
Thanks
|
Top
|
|
|
|
#182755 - 2007-11-17 12:46 AM
Re: Group Cache
[Re: NTDOC]
|
NearZero
Fresh Scripter
Registered: 2007-11-16
Posts: 10
|
NTDOC, Barnas I should been a little more specific, you can have on one SBS Server within the domain, but you can have other servers. There are restrictions, but off topic.
Barnas the offending line was a one off. Thanks but I have debug methods inplace, screen and/or file.
The error was really stupid and the result of being tired, I should have hung up the keyboard earlier.
Cheers all
|
Top
|
|
|
|
#182758 - 2007-11-17 01:27 PM
Re: Group Cache
[Re: NTDOC]
|
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
|
Not sure what SBS recommends, but Microsoft is another story..
SBS is really specialized - can only be one SBS in a domain, it must be the PDCe, and while it does support additional DCs, well, to quote their documentation:
- You can install a computer as a BDC in an SBS domain, but there is minimal advantage in doing so. Because the SBS server must function as a PDC, the BDC only provides redundancy for authentication, not fault tolerance as in a traditional Windows NT domain where a PDC does not act as an applications server.
- Using a BDC for load balancing: In a domain where there are 25 or fewer users, one domain controller, the PDC, can easily handle domain validation.
- Logon scripts should be replicated to the BDC. In an environment where clients could be validated by a server other than the PDC, such as a BDC, all logon scripts should be replicated to the BDC or Client Setup will fail.
- Using a BDC in case the PDC goes down: In an SBS domain, if the PDC goes down, whether or not the BDC is promoted, the users will be able to get validated. However, users will not be able to access applications other than those installed on the BDC, because none of the applications from an SBS server can be installed on any other server except the SBS server.
- If the BDC is promoted and the SBS server needs to be reinstalled, it cannot be installed into the same domain as a BDC and then promoted because SBS installs as a PDC only. If the PDC ever is reinstalled without a full restore from a backup, the user accounts and machine accounts will have to be re-created and the BDC will need to be reinstalled to become a member of the new domain.
I guess, if you run SBS, you need redundant disk and good backups, eh?
Glenn
_________________________
Actually I am a Rocket Scientist!
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 557 anonymous users online.
|
|
|