Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

group ad synchronization - newbie

Status
Not open for further replies.
TWillard

TWillard

Programmer
Apr 26, 2001
263
US
I am testing the synchronization of active directory to sharepoint security. I have one wss site. It has the site administrator and one ad group as users. As a test, I added myself to the group. I logged-off and back on to my computer. I can see that I am a member of the active directory group through the component window. However, I am not able to login. If I perform an iisreset on the server, then I am able to login.

Does this sound normal? Do I need to schedule an IIS reset against my sharepoint server, so that it will recognize changes within the active directory groups? Where and how is the link between AD and WSS security, I would assume that it would be dynamic. Dynamic enough, at a minimum, that if I logged off and back on after a change, that the wss site would recognize the change.

Please help.

 
Sort by date Sort by votes
Hello,

We are using AD groups here and I have not noticed that we have had this problem, we have never had anyone complain that they can't login. Are you running only Windows SharePoint Services?

Have you tried to add a user, then wait and try and log in after some time? Might be a replication/synchronization issue?

I mean, doing an IIS reset each time you add new users to a group should not be the way to do it. And to me it does not sounds "normal".

Now you have gotten me curious about this, so I will do some test on this end and see what I come up with.

Regards,
Thomas
 
Upvote 0 Downvote
Thomas, Thanks for the reply.

We are using ad groups. I did try adding someone to a group. I logged off and back on with the user account and I was not able to login. As an impatient person, I performed an IIS reset and the user account was able to login. I did not try waiting to see if after a peroid of 'x' amount of time that that person could login. It makes me curious if there is a replication/synchronization component between sharepoint and active directory. We are using ad groups within sharepoint.

I just thought of something: We are using iis directory security with Basic Authentication and not Integrated Windows Authentication. Is it possible that this adds an extra layer of sync time? manual sync w/ iisreset?
 
Upvote 0 Downvote
Setup : WSS w/ SP2 using SQL Server 2000

Test User Removal from Group.
-- user a is not an administrator on SharePoint Server
-- user a is a member of group\g
-- group\g is a member of sharepoint site s
-- user a can actively login to sharepoint site s
-- REMOVE USER A FROM GROUP G
-- HAVE USER A LOG OFF AND BACK TO COMPUTER/NETWORK
-- user a is visibly not a member of group g. However, user a can still login to site s
-- WAIT 15 minutes
-- user a can no longer login to site s

 
Upvote 0 Downvote
caching, recycling app pools, metabase stuff all things involved here. This is not abnormal behaviour. I just can't seem to find the info where this proces is described.



//Bart
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pack10
  • Locked
  • Question
Moving fields on an infopath form from an optional section to a new group...what are best practices
Replies
0
Views
156
Pack10
Pack10
dam0kles
  • Locked
  • Question
additional validation in newdocset.aspx
Replies
1
Views
181
dam0kles
dam0kles
codamnet
  • Locked
  • Question
map user properties to AD Mapped Attributes
Replies
0
Views
81
codamnet
codamnet
DougP
  • Locked
  • Question
newbie questions Deploy Access db to sharepoint
Replies
1
Views
60
ehaze
ehaze
hjgoldstein
  • Locked
  • Question
Help needed for a Newbie
Replies
2
Views
77
hjgoldstein
hjgoldstein

Part and Inventory Search

Sponsor

Back
Top