UserGetLocalGroups failed error - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Lounge » UserGetLocalGroups failed error

Page 1 of 2

1

Topic Options

#152310 - 2005-11-26 04:59 PM UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	Dear all, I posted a related error last week. Our environment consists of a master domain and several subdomains with users traveling around. User accounts are located in the subdomain. User A ist homed in domain A. If user A uses a PC in domain A no problem. If the user logs in from a machine in any other domain e.g. B we get problems e.g with the ingroup() function. We tried calling the function with and without leading domain ("ABC\GroupA" and "GroupA"). The domain is relying only on DNS. No WINS is installed. Any idea what could be the issue?
Top

#152311 - 2005-11-26 05:32 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	GC? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152312 - 2005-11-26 08:01 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	GC's available in every location. There are other Kix errors in the eventlog UserModalsGet failed Error : The network path was not found. (0x35/53). UserGetInfo failed Error : The network path was not found. (0x35/53). GetPG: LookupAccountSid failed Error : No mapping between account names and security IDs was done. (0x534/1332).
Top

#152313 - 2005-11-26 08:24 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Is your network config clean? Do you have other clients or providers/protocols? Binding order? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152314 - 2005-11-26 08:32 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Are all the DNS zones present, including reverse zones? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152315 - 2005-11-26 08:42 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	No other protocols are running. All authentications and operations are working fine. Accessing printer, shares (both of them manually assigned), Outlook, etc.
Top

#152316 - 2005-11-26 08:44 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	forest root is delegatin to sub zone dns servers also for the reverse zones. DNS lookup is working correctly.
Top

#152317 - 2005-11-26 09:10 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Are you suggesting it is a KiX issue? I still think it is an infrastructure problem. We have many users in a multi-domain AD that are not having issues. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152318 - 2005-11-26 09:39 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	Are they using WINS or do they rely on DNS only??
Top

#152319 - 2005-11-26 09:46 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	You would have to ask them. Howard, Ron? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152320 - 2005-11-26 09:58 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Speaking of DNS, how are you dealing with search suffix? _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152321 - 2005-11-26 10:05 PM Re: UserGetLocalGroups failed error
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Hmmmm.... even Microsoft was using WINS last I knew. They "might" be off of it by now, not sure. Anyways - every big shop I've heard of still runs WINS. Many of the admin tools by Microsoft don't work without it as they don't use DNS for resolution. If you really want to know what's going on then put a sniffer on the desktop connection and read what it's doing. My guess is that it can't find what it's looking for one way or another. Whether it's because DNS is not setup correctly or TRUSTS are not setup or something else. So let me see if I have this right. You have as example 10 Domains within a single Forest and the accounts for users are within their own respective domains, yet you somehow run a logon script from the root of the Forest? How can you logon another Domain without an account in that Domain? Maybe I'm missing something here and I've not worked on AD now for over a year so perhaps I don't get exactly what the issue is. In order to logon to another Domain don't you need an account in that Domain?
Top

#152322 - 2005-11-26 10:10 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Ron, My take on it is that the user is in the same domain he/she logs onto, BUT the computer the user is using is in another domain. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152323 - 2005-11-26 10:17 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	only primary domain suffix. Local DNS Servers forward unknown domains to global DNS servers of forest root. These know all delegations to the local zones, incl. reverse lookup zones.
Top

#152324 - 2005-11-26 10:22 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	Alle domains are member of the same forest, all have been created with DCPROMO as subdomain of the root. So now manual trusts. This also implies that we have a full transitive trust even accros domains. The domains are running in W2K3 native mode. The scripts are pulled from one of the users domain controller. Not from the forest root and not from the DC´s of the machines domain.
Top

#152325 - 2005-11-26 10:35 PM Re: UserGetLocalGroups failed error
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	But the script is confirmed to be running otherwise, it just can't properly process the InGroup is that correct? Do you have Enterprise Admin rights? Perhaps some other Domain Admin has messed around with trusts. The trust flows up but can be broken by one of the Domains which could cause a break to other Domains as well. Can you run NETDOM and confirm all Domains trust each other?
Top

#152326 - 2005-11-26 10:38 PM Re: UserGetLocalGroups failed error
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11629 Loc: CA	Understanding Trusts http://www.microsoft.com/technet/prodtec...cb33fe93a5.mspx
Top

#152327 - 2005-11-26 11:20 PM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	no one except my group is domain admin. Trusts have not been touched to each other. NETDOM and DNSLINT succeed for the FQDN domain names. Netdom fails if the pre windows 2000 naming convention is used (netbios names).
Top

#152328 - 2005-11-26 11:35 PM Re: UserGetLocalGroups failed error
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Quote: only primary domain suffix. This can lead to the inability to resolve incomplete (not fully qualified). Try adding all subdomains in the search suffix. It cannot be done with DHCP but you can create a custom GPO ADM to do it. You could also create a test entry in LMHOSTS. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#152329 - 2005-11-27 01:12 AM Re: UserGetLocalGroups failed error
vosal vosal Fresh Scripter Registered: 2005-11-15 Posts: 20	Tried the lmhost but also no success, same result. I used the paramters #pre #dom with the Netbios domain name of the subdomain to authenticate against. What I am wondering is, share access in the machines domain with group permissions of the users domain are working correctly.
Top

Page 1 of 2

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Who's Online

1 registered (Allen) and 675 anonymous users online.

Newest Members

batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users

Generated in 0.075 seconds in which 0.026 seconds were spent on a total of 12 queries. Zlib compression enabled.

click tracking