Announcement

Collapse
No announcement yet.

Groups being Cached

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Groups being Cached

    I'm experiencing some problems with user groups staying in cache. I have a test user account that I placed into a Universal Security group. When I log into a workstation with the test account and run a gpresult, I can see the user in the correct groups. However when doing the same thing on a terminal server the user is still shown in older groups.

    I have verified that Universal Group Caching is not enabled. Additionally I have run a gpupdate /force on the server and even rebooted it. I also checked the group out in ADSI, and the user account was not listed as a member. What is causing this to happen? Thank you in advance.

  • #2
    Re: Groups being Cached

    have you ensured that you logged off of, and back onto, the terminal service since the change was made?

    I'm sure you probably have, but you haven't mentioned it..
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Groups being Cached

      Yes I have verified. This is a test account that I'm testing with, and no one else is logged in with this account. I verified that the user logged off, and the session was reset. I even rebooted the server to no avail.

      Comment


      • #4
        Re: Groups being Cached

        Check the Terminal Server's Application and System event logs for w32time errors, Group Policy processing errors, SceCli errors and userenv errors (or warnings)

        Simon

        Comment


        • #5
          Re: Groups being Cached

          No there doesn't seem to be any errors. It even shows an okay for Folder Redirection.

          Comment


          • #6
            Re: Groups being Cached

            I would try the following:

            - Create another user account and try and replicate the same problem. If you dont get the same issue then put it down to a nuance with that user account
            - If you still get the same issue with another brand new account then try logging on to multiple machines with the new accounts.

            If still same issue then it could be AD replication:

            - Are the machines you are logging on to in the same AD sites?
            - Different domains, etc etc etc?
            - When logging on are you authenticating with the same domain controller? (running SET in command line and looking for LogonServer can shed some light on this)
            - If you are authenticating with e.g. DC1 on the workstation but DC2 when logging on to the Terminal Server then is replication working between these domain controllers and or sites

            Simon

            Comment


            • #7
              Re: Groups being Cached

              Can you give us a bit more info on your AD structure? Single forest/Multidomain etc.
              Any events in the DCs? How are the FSMO roles distributed? Have you run a DCdiag?
              It all depends on your structure but at first it seems like something related to the Infrastructure master.
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Groups being Cached

                I started playing around with the GPO's; mainly removing loopback processing. It seems to have strangely made a difference in the groups.

                Comment


                • #9
                  Re: Groups being Cached

                  You may be adding users to groups via GPO?

                  Loopback processing normally only applies policy settings in the computer context and 'can' ignore all user settings (lots of caveats to that i know)

                  Simon

                  Comment

                  Working...
                  X