Re: Active directory groups refresh question
- From: "Joseph T Corey" <jcorey@xxxxxxxxxxxxxx>
- Date: Tue, 18 Mar 2008 10:36:01 -0400
There is a difference between querying your local token (which is what you're doing below) and querying Active Directory for the list of current groups. When a user logs in, an access token is created that has the user's SID and all SIDs of the groups that the user is a member of. This token is only created during login, so that's why you're seeing this behavior. To obtain the most current list of groups that a user is a member of, you would need to query Active Directory for the MemberOf list. I'm not a VB.NET guy, so sorry for not posting any code.
--
Joseph T. Corey MCSE, Security+
Systems Administrator
jcorey@xxxxxxx
"Mark Clark" <M-Clark-nospam@xxxxxxxxxxxxx> wrote in message news:MPG.22497eb8ff5fc58698969c@xxxxxxxxxxxxxxxxxxxxxxx
This is not a programming question, per se, but I am writing a program
in VB.NET 2005 that checks the current user's group membership in Active
Directory. When I either add or remove a person from a group in AD, that
group change does not show up on the local machine until I log out and
log back in. Is there a way to force the group membership of the current
user to be updated from AD so that the membership is always current? In
case it makes a difference, I am using this line to get the membership:
System.Security.Principal.WindowsIdentity.GetCurrent.Groups.Translate
(GetType(System.Security.Principal.NTAccount))
Thanks.
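
An added example, not code from either poster: it compares the group SIDs in the logon token with what Active Directory currently reports for the same user. It reads the constructed `tokenGroups` attribute instead of `memberOf` so that nested groups are included, and it assumes a domain-joined machine, a domain user in a single domain, and a project reference to System.DirectoryServices.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices          ' add a reference to System.DirectoryServices.dll
Imports System.Security.Principal

Module TokenVersusDirectory

    ' Group SIDs the directory reports for the user right now (nested groups included).
    Function DirectoryGroupSids(ByVal userSid As SecurityIdentifier) As List(Of SecurityIdentifier)
        Dim result As New List(Of SecurityIdentifier)
        Using user As New DirectoryEntry("LDAP://<SID=" & userSid.Value & ">")
            ' tokenGroups is a constructed attribute, so it must be requested explicitly.
            user.RefreshCache(New String() {"tokenGroups"})
            For Each raw As Byte() In user.Properties("tokenGroups")
                result.Add(New SecurityIdentifier(raw, 0))
            Next
        End Using
        Return result
    End Function

    ' SIDs from the user's own domain that are in "have" but not in "other".
    ' Well-known and machine-local SIDs (Everyone, BUILTIN\Users, ...) are skipped.
    Function DomainSidsMissingFrom(ByVal have As IEnumerable(Of SecurityIdentifier), _
                                   ByVal other As ICollection(Of SecurityIdentifier), _
                                   ByVal domainSid As SecurityIdentifier) As List(Of SecurityIdentifier)
        Dim diff As New List(Of SecurityIdentifier)
        For Each sid As SecurityIdentifier In have
            If domainSid.Equals(sid.AccountDomainSid) AndAlso Not other.Contains(sid) Then diff.Add(sid)
        Next
        Return diff
    End Function

    Sub Main()
        Dim current As WindowsIdentity = WindowsIdentity.GetCurrent()
        Dim tokenSids As New List(Of SecurityIdentifier)   ' snapshot taken at logon
        For Each idRef As IdentityReference In current.Groups
            tokenSids.Add(DirectCast(idRef, SecurityIdentifier))
        Next
        Dim adSids As List(Of SecurityIdentifier) = DirectoryGroupSids(current.User)
        Dim domainSid As SecurityIdentifier = current.User.AccountDomainSid

        For Each sid As SecurityIdentifier In DomainSidsMissingFrom(adSids, tokenSids, domainSid)
            Console.WriteLine("In AD, not yet in token:   " & sid.Value)
        Next
        For Each sid As SecurityIdentifier In DomainSidsMissingFrom(tokenSids, adSids, domainSid)
            Console.WriteLine("In token, no longer in AD: " & sid.Value)
        Next
    End Sub
End Module
```

A group printed under the second heading is one the current session can still use in access checks until the user logs on again.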