Re: GC does not know group membership of users

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
Date: Wed, 03 Jan 2007 09:03:28 -0500

Group membership in general is not maintained in the GC partition except for Universal groups. The exception outside of universal groups is due to implementation... If a GC is a DC for Domain1, it will show all group membership that is set on Domain1 groups. If a GC is a DC for Domain2, it will show all group membership that is set on Domain2 groups.

So if you look at Domain1\User on a GC that is a DC for Domain2, the memberof attribut would show universal group membership and any groups in Domain2 that the user is a member of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

dtontsch wrote:

I have two GC's in my w2k3 AD env., one in mycompany.com and one in de.mycompany.com. The GC of mycompany.com seems not to hold any details of user's group membership and due to this reason also no exchange 2003 distribution list membership details. Probably due to this reason my exchange server only accepts the de.mycompany.com GC and not the mycompany.com GC. When I have a look to the details the GC is aware of the following is displayed.

mycompany.com GC:

displayName: My Username
uSNCreated: 106111
uSNChanged: 161099
homeMTA: CN=Microsoft MTA,CN=HWDE-MUC-MA-1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=ExchangeHWDE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxx
proxyAddresses: SMTP:musername@xxxxxxxxxxxx
proxyAddresses: X400:c=DE;a= ;p=ExchangeHWDE;o=Exchange;s=Username;g=My;
proxyAddresses: smtp:musername@xxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxxxxxx
homeMDB: CN=CER_Priv,CN=CER Storage Group,CN=InformationStore,CN=HWDE-MUC-MA-1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=ExchangeHWDE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com

--------------------------
de.mycompany.com GC:

displayName: My Username
uSNCreated: 103994
memberOf: CN=Tech CER,CN=Groups,OU=DE,DC=de,DC=mycompany,DC=com
memberOf: CN=mycompany MUC,CN=Groups,OU=DE,DC=de,DC=mycompany,DC=com
memberOf: CN=ecs_feedback,CN=Groups,CN=COM,DC=de,DC=mycompany,DC=com
memberOf: CN=admin,CN=Groups,OU=DE,DC=de,DC=mycompany,DC=com
memberOf: CN=all@xxxxxxxxxxxx,CN=Groups,OU=DE,DC=de,DC=mycompany,DC=com
memberOf: CN=mycompany CER,CN=Groups,OU=DE,DC=de,DC=mycompany,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=de,DC=mycompany,DC=com
uSNChanged: 215141
homeMTA: CN=Microsoft MTA,CN=HWDE-MUC-MA-1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=ExchangeHWDE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxx
proxyAddresses: SMTP:musername@xxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxx
proxyAddresses: X400:c=DE;a= ;p=ExchangeHWDE;o=Exchange;s=Username;g=My;
proxyAddresses: smtp:musername@xxxxxxxxxxxx
proxyAddresses: smtp:musername@xxxxxxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxx
proxyAddresses: smtp:my.username@xxxxxxxxxxxxxxxx
homeMDB: CN=CER_Priv,CN=CER Storage Group,CN=InformationStore,CN=HWDE-MUC-MA-1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=ExchangeHWDE,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycompany,DC=com

As one can see the mycompany.com GC has no "memberOf:" information at all for the respective user.

Is there any setting in GC which defines whether a GC should keep details or not ...

Regards,
Dieter

Follow-Ups:
- Re: GC does not know group membership of users
  - From: dtontsch

References:
- GC does not know group membership of users
  - From: dtontsch

Prev by Date: GC does not know group membership of users
Next by Date: Re: GC does not know group membership of users
Previous by thread: GC does not know group membership of users
Next by thread: Re: GC does not know group membership of users
Index(es):
- Date
- Thread

Relevant Pages

Re: Not able to see Universal Groups from a sub domain
... MCSE, MVP Directory Services ... universal groups. ... the group membership if i open the User object from Users And Coumputers in ...
(microsoft.public.windows.server.active_directory)
Not able to see Universal Groups from a sub domain
... universal groups. ... And i have a sub domain sub1.mydomain.local where it's only ... the group membership if i open the User object from Users And Coumputers in ... Is that correct or have we missed som setup here. ...
(microsoft.public.windows.server.active_directory)