
CE not picking up changes in AD groups

Status
Not open for further replies.

Alettia

Programmer
Oct 22, 2004
4
GB
Hi,

We currently use CE9 and are using Windows AD authentication. Up until now our setup has been working fine. CE9 recognises the groups and everyone has the appropriate access.
Recently however we had to change security rights for a user, which involved removing the user from one AD group and adding them to another.
The change was applied in AD and I followed the usual step of refreshing Windows AD groups in the Crystal Management Console, but the user's details were not updated in Crystal.

This continued for about 1 week with me refreshing CE nearly every day and still the user's details were not updating in CE. Eventually one day the user was updated. I still have no idea what changed for this to happen but I am now experiencing the same problem with another user. It has now been over 2 weeks and still the user's details are not updating in CE to reflect the changes in AD.
We are able to add new users to AD groups and CE picks them up without a problem. It only seems to be changes to existing users that cause an issue.

I couldn't find any existing threads which detailed this problem. We also have a support contract with an external company but they have been unable to help.

Has anyone had the same problem?
 
Hi Alettia

I've just fixed a problem with AD on a client site. The problem was on a similar sort of line to yours except that in this case it was the whole Crystal AD group which was lost. The group was there but Crystal wasn't picking them up. It would however pick up new groups or individual users but it wouldn't pick up this certain AD group.

The problem which I found was (I think) a bug in Enterprise. It appeared that when you add groups/users into CE they are given an ID - a bit like the ID it gives a report when you enter it into CE - for some reason this ID had got corrupted and so therefore wasn't picking up the AD group. This might be along the same sort of problem that you're experiencing, so it might be worth having a look at the ID for the user in the AD group and then the ID for the user in CE and see if they match.

I know it's not a fix for you but it might help you determine why it is doing this.

HTH

Steve
 
Alettia,

I have also experienced problems with NT or AD group mapping to CE being corrupted, which caused much grief in re-establishing my security model.

To minimise the impact of this happening again, I have since adopted the practice of only assigning users rights to objects within CE via CE groups.

For example, if I add an AD group to CE, I create a corresponding CE group and make the AD group a subgroup of the CE group. I then assign all object & folder rights via the CE group. If for any reason the AD group becomes corrupted, I do not lose my CE security model - I do have a problem to fix, but I only have to remove and re-add the AD group in CE and then make it a subgroup of my CE group again.

Hope this helps for the future,

Malcolm.
 
Thanks for the tips guys. I shall look into this but I need a little more information before I do.
I'd like to ask Steve (TheBlondOne) or Malcolm if he knows, where I can find the IDs for users/groups in Crystal and also how I find the ID in AD.
Sorry if this is a stupid question but I'm new to this so I thought it better to check before blundering on.

Cheers

Alettia
 
Could you please let me know if the corruption problem relates to CE9 only or to CE10 as well?

Thanks.
Fan
 