Recently, I published a question:
https://www.experts-exchange.com/questions/29212323/Changing-Security-Group-Membership-Not-Working-for-All-Computers.html
And there were no conclusions.
I'd encourage you to read that one for background.
While I thought I'd found a solution, it was short-lived.
The issue appears to be with a single DC out of 3 which are all the same computer model, computer configuration, OS, etc.
Recently, I also noticed that part of Server Manager, esp. Active Directory Users and Computers, is slow to populate lists of users and computers. It's sometimes so slow, in fact, that one doubts that it's working.
So, I wonder if the two things aren't related.
i.e. inability to change security groups of one user and slowness of ADUC in SM.
I've run sfc / dism / sfc on this one DC and didn't find anything.
To recap the group change issue:
One user is changed out of one security group and into another security group and back again each day. This one computer appears to fail to make that change - although I've seen it change hours later occasionally.
I'm running a log showing results of both:
whoami.exe /groups | find [groupname] [for both groupnames] [which fails to change]
net groups [groupname] | find "username" [for both groupnames]
It is the whoami that fails to switch while the net groups switches as expected.
So, the problem isn't fixed yet, and this one DC is suspect, I'd say.
I'm wondering what steps to take next that are least intrusive?
Something that I don't know:
Since the user group membership is at the DC, is it (almost) always taken from the same (likely local) DC?
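
A PowerShell version of the logging described in the question, added here as an example and not part of the original post: it records the access-token view (the source `whoami /groups` reads) and the directory view (`net group`) side by side, together with the `LOGONSERVER` value, so each mismatch can be tied to a computer and a DC. The group names, the log path and the use of the `/domain` switch are assumptions.

```powershell
# Added example: group names and log path are placeholders (assumptions).
$Groups  = @('GroupA', 'GroupB')          # placeholder: the two security groups being swapped
$User    = $env:USERNAME                  # the logged-on user whose membership is toggled
$LogPath = "$env:TEMP\group-check.csv"    # placeholder log location

# Group names carried in the current access token (what whoami /groups reports).
# SIDs that cannot be resolved to a name are kept as raw SID strings.
$tokenGroups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $_.Value }
    }

foreach ($g in $Groups) {
    # Directory view: the same query as "net groups [groupname] | find username".
    # /domain (assumption) sends the query to a DC when run from a member computer.
    $netOut      = & net.exe group $g /domain 2>&1 | Out-String
    $inDirectory = $netOut -match "(?m)(^|\s)$([regex]::Escape($User))(\s|$)"

    # Token view: match DOMAIN\GroupName at the end of the translated account name.
    $inToken = [bool]($tokenGroups |
        Where-Object { $_ -match "\\$([regex]::Escape($g))$" })

    [pscustomobject]@{
        Time        = (Get-Date).ToString('s')
        Computer    = $env:COMPUTERNAME
        LogonServer = $env:LOGONSERVER    # DC recorded for this logon session
        User        = $User
        Group       = $g
        InToken     = $inToken
        InDirectory = $inDirectory
        Mismatch    = ($inToken -ne $inDirectory)
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

Run it in the affected user's session on a schedule; rows where `Mismatch` is true show when the token and the directory disagree and which `LogonServer` value was in effect at that moment.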