#102078 - 2003-06-12 09:41 AM
INGROUP - Which API Function Used?
|
RicardM
Lurker
Registered: 2003-06-12
Posts: 4
Loc: UK
|
Does anyone know what API the INGROUP function uses to obtain the Users Group information.
I need to know to determine whether the problem is with Kixtart or with AD/XP.
|
|
Top
|
|
|
|
|
#102079 - 2003-06-12 02:17 PM
Re: INGROUP - Which API Function Used?
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Ricard,
Welcome to the board!
Have you visited our wonderful - KiXtart FAQ & How to's Forum?
As we look through this list, we find the following topic - Analysis of KiX-related files
What APIs doe KiXtart use for INGROUP? Isn't that Kind of a "loaded question?" ![[Wink]](images/icons/wink.gif)
KIX32.EXE
ADVAPI32 23 AdjustTokenPrivileges
ADVAPI32 24 AllocateAndInitializeSid
ADVAPI32 157 FreeSid
ADVAPI32 199 GetSidIdentifierAuthority
ADVAPI32 201 GetSidSubAuthority
ADVAPI32 202 GetSidSubAuthorityCount
ADVAPI32 208 GetTokenInformation
ADVAPI32 239 LookupAccountSidA
ADVAPI32 240 LookupAccountSidW
ADVAPI32 245 LookupPrivilegeValueA
KXRPC.EXE
NETAPI32 240 NetUserGetLocalGroups
HTH,
Kent
|
|
Top
|
|
|
|
#102080 - 2003-06-12 05:00 PM
Re: INGROUP - Which API Function Used?
|
RicardM
Lurker
Registered: 2003-06-12
Posts: 4
Loc: UK
|
Kent,
thanks for pointer, I found the work round for the problem in the latest copy of the documentation which mentions the group cache and flushing it.
I know virtually nothing about AD APIs, my normal territory is eDirectory, but looking up the APIs you list it looks like the key one is GetTokenInfomation which I guess is being called with TOKEN_GROUPS. As mentioned in my subsequent post it looks like Kixtart only gets the actual text group name for a SID when it detects a new of SID, thus when a group is renamed in AD as the SID doesn't change a script will fail until the cache is flushed giving the impression AD has "sticky" names.
Since I am guessing that this is by design to minimise network traffic. I have pulled my post that suggested it was a flaw.
Just very confusing when the manual you are working from doesn't mention the feature and possible side effects, when you are having AD making life interesting at the same time.
thanks,
RichardM
[ 12. June 2003, 17:05: Message edited by: RicardM ]
|
|
Top
|
|
|
|
#102081 - 2003-06-12 05:06 PM
Re: INGROUP - Which API Function Used?
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
I maybe confused here.. What is not being shown - groups, users, what? Sure it maybe INGROUP(),SIDTONAME(), etc.
Rather than speculating what you are trying to do..
Can you share a snip of your code to see what is really going on?
Thanks,
Kent
|
|
Top
|
|
|
|
#102083 - 2003-06-13 10:21 AM
Re: INGROUP - Which API Function Used?
|
RicardM
Lurker
Registered: 2003-06-12
Posts: 4
Loc: UK
|
Kent,
Sorry if this all became confusing. The problem arose because a department changed name. So we renamed the group in AD and updated the script to:
If INGROUP("newDepartment")
..
..
EndIf
Then found the script no longer worked, so we changed the script back to:
If INGROUP("oldDepartment")
..
..
EndIF
Which then worked. This is exactly what the current manual (p19) warns about and the need for the /F<date> option. Unfortunately the previous copies of the manual, we have make, no mention of this "feature".
This also coincided with a glitch in AD, now fixed, hence the confusion about whether the problem was Kix or AD.
|
|
Top
|
|
|
|
|
#102085 - 2003-06-13 02:16 PM
Re: INGROUP - Which API Function Used?
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Doc brings up a good point.. Did you give that go?
Kent
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
1 registered
(Allen)
and 781 anonymous users online.
|
|
|
