I'm working on a problem where switching User Security Group membership isn't doing what it should.
I'm using 3 commands to ascertain if a particular Security Group is actually in effect.
whoami /groups
gpresult /r | find [groupname]
net groups [groupname] /domain
in that order.
I've researched it but haven't found a nice, clear statement of what is being reported for each.
Is it from the domain controller? Or, is it from the local cache?
I can see when they disagree. It is of course then 2:1 but sometimes it's a different "2".
So that's rather baffling.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes net groups [groupname] /domain yields the odd result.
Sometimes gpresult /r | find [groupname] yields the odd result.
I don't believe that I've ever seen whoami/ groups yielding the odd result.
Sometimes they all agree - which is what I want I should think!
Which reports from the domain controller?
Which reports from the local computer?
Now, I suppose that a report from the local computer may or may not agree with the domain controller but find it surprising / disturbing that two reports from either the domain controler or the local computer would disagree.
Any insights would be appreciated!
Our community of experts have been thoroughly vetted for their expertise and industry experience.