Users in Domain Admin group (512) don't have admin rights on Windows machine
Hi everyone,
My problem is the following: Users in the Domain Admins group (512) seem not to authenticate at local Windows machines with admin rights.

Distribution: CentOS
Kernel: 2.6.18-308.20.1.el5
System: OpenLDAP slapd 2.3.43, Samba version 3.5.10-0.110.el5_8

# net groupmap list
Domain Admins (S-1-5-21-3285246029-973205485-3622274768-512) -> samba_domain_admins
Domain Users (S-1-5-21-3285246029-973205485-3622274768-513) -> samba_domain_users
Domain Guests (S-1-5-21-3285246029-973205485-3622274768-514) -> samba_domain_guests
Domain Computers (S-1-5-21-3285246029-973205485-3622274768-515) -> samba_domain_computers
Administrators (S-1-5-21-3285246029-973205485-3622274768-544) -> samba_administrator
Account Operators (S-1-5-21-3285246029-973205485-3622274768-548) -> samba_account_operators
Print Operators (S-1-5-21-3285246029-973205485-3622274768-550) -> samba_print_operators
Backup Operators (S-1-5-21-3285246029-973205485-3622274768-551) -> samba_backup_operators
Replicators (S-1-5-21-3285246029-973205485-3622274768-552) -> samba_replicators

Additionally, here are some screenshots from our Apache Directory Browser with the user accounts backup and root and the group Domain Admins.

[Screenshots: backup, root, samba_domain_admins]

If you need further configuration, please ask me. I would be really happy if we could solve this issue.
Has anybody an idea how this issue could be solved?
It seems that this is a synchronization issue.
When I add some LDAP user to the Domain Admins group, a few days later I can log in with this user and he is domain admin at a local machine. But when I remove the user again from Domain Admins, then the user still stays domain admin. Something is still wrong with the system. Please, if anybody has an idea how this synchronization works, please tell me.