research Question
Which Security Group for a User is in effect? On the Domain? On the workstation where the User is logged on?
asked on
I'm working on a problem where switching User Security Group membership isn't doing what it should.
I'm using 3 commands to ascertain if a particular Security Group is actually in effect.
whoami /groups
gpresult /r | find [groupname]
net groups [groupname] /domain
in that order.
I've researched it but haven't found a nice, clear statement of what is being reported for each.
Is it from the domain controller? Or, is it from the local cache?
I can see when they disagree. It is of course then 2:1 but sometimes it's a different "2".
So that's rather baffling.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes net groups [groupname] /domain yields the odd result.
Sometimes gpresult /r | find [groupname] yields the odd result.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes they all agree - which is what I want I should think!
Which reports from the domain controller?
Which reports from the local computer?
Now, I suppose that a report from the local computer may or may not agree with the domain controller but find it surprising / disturbing that two reports from either the domain controler or the local computer would disagree.
Any insights would be appreciated!
I'm using 3 commands to ascertain if a particular Security Group is actually in effect.
whoami /groups
gpresult /r | find [groupname]
net groups [groupname] /domain
in that order.
I've researched it but haven't found a nice, clear statement of what is being reported for each.
Is it from the domain controller? Or, is it from the local cache?
I can see when they disagree. It is of course then 2:1 but sometimes it's a different "2".
So that's rather baffling.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes net groups [groupname] /domain yields the odd result.
Sometimes gpresult /r | find [groupname] yields the odd result.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes they all agree - which is what I want I should think!
Which reports from the domain controller?
Which reports from the local computer?
Now, I suppose that a report from the local computer may or may not agree with the domain controller but find it surprising / disturbing that two reports from either the domain controler or the local computer would disagree.
Any insights would be appreciated!
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 18 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 18 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.