User privilege caching in Active Directory?
- From: filippo.capocasale@xxxxxxxxx
- Date: Tue, 20 Nov 2007 02:35:37 -0800 (PST)
Hello!
I have an Active Directory domain and a web application (that is
developed with .Net and runs on the domain controller) which manages
users' group membership.
I have configured the privileges associatetd with these custom groups.
When I change a user's group membership, the new privileges
(associated to the new group profiling of the user) are not applied
immediately.
It looks like there is a kind of caching of the privileges: I see that
the user belongs to the new groups, but he can't do the right
operations he is supposed to do (because of his membership to certain
groups).
After a certain delay (10-12 minutes) the user privileges are
correctly set.
It is not just a problem of propagation to the computers of the
domain: I'm also talking about privileges on the Active Directory
itself (i.e. privilege to create users in a certain ou, etc.)
I've tried to refresh the cache on the DirectoryEntry object, but
nothing changed.
If there is such a caching (and I cannot force the refresh) I would
like to disable it.
I have tried to modify the registry keys under HKEY_LOCAL_MACHINE
\Software\Microsoft\DRMS\1.0\DirectoryServices, but nothing changed...
Any suggestion would be greatly apreciated!
Thankyou!
Filippo
.
- Follow-Ups:
- Re: User privilege caching in Active Directory?
- From: Dean Wells \(MVP\)
- Re: User privilege caching in Active Directory?
- Prev by Date: RE: AD SID History
- Next by Date: Re: Doamin controller not working
- Previous by thread: query AD at domain scope
- Next by thread: Re: User privilege caching in Active Directory?
- Index(es):
Relevant Pages
|
