Our company network configuration counts several trusted domains.
We used to use domain groups that include accounts from different domains.
The ADMS console doesn’t show members that don’t belong to the domain of the group, while the OS does show accounts from both domains.
Example
There are 2 domains:
DomainA
DomainB
There is a Domain A group
DomainA\TheGroup
with two domain users included
DomainA\User01
DomainB\User01
ADMS is a part of DomainA and its OS correctly sees both members of the group.
The ADMS console shows only one user in the group - DomainA\User01.
What might be wrong?
PS: At least once Vault showed that same group with both members.
PPS: Autodesk Support CaseNo is 08285515, but I don't feel like getting support for this issue with their usual half-year/case speed, so any ideas are welcome.
Further testing..
There are two groups:
DomainA\Group01
DomainB\Group01
Both groups have same set of members:
DomainA\User01
DomainB\User01
Vault sees incomplete content for each group:
DomainA\Group01 only DomainA\User01
DomainB\Group01 only DomainB\User01
Any ideas?
PS: Vault Pro 2013, Service Pack 1
The update for topic headline issue:
Vault adds the account of a trusted domain to the domain group on login of the user (that is OK).
Vault removes the account of a trusted domain from the domain group on a group update operation (wrong behavior).
But there is also second issue with usage of trusted domain accounts within domain groups:
If trusted-domain-user is given modify access to replicated folder DIRECTLY – everything is OK on both publisher and subscriber ADMS.
But if trusted-domain-user is given modify access to replicated folder VIA DOMAIN GROUP then everything is ok on ADMS-publisher but only READ access to that same folder on ADMS-subscriber.
Can you provide screen shots showing the permission difference on the publisher folder and the subscriber folder?
Surely! I have now been waiting 3 weeks for somebody from Autodesk to ask me for some details (meanwhile I have prevented several attempts to close the case without denying the problem's existence).
Which way do you prefer to get those screenshots:
1. Post them here (not desirable, as it would mean publicly sharing the names of our server, database and user);
2. Attach them to the mentioned case.
3. Pass it to you in some alternative way (to your mail etc)?
Attach them to your case.
The issue is still present in Vault 2017. Steps to reproduce:
BTW make sure only “UserOfPublisher” is shown as a member (no “UserOfSubscriber” is present).
6. Run VE as “UserOfPublisher” and make sure he:
6.1 does have edit permission while connected via the Publisher
6.2 CAN’T connect via the Subscriber
7. Run VE as “UserOfSubscriber” and make sure he:
7.1 does have edit permission while connected via the Publisher
7.2 CAN’T connect via the Subscriber
8. In Vault create local Group “DesignersLOC” containing the two accounts (give it «Document Editor (Level 2)» Role; give it access to the Vault; make sure it is enabled).
9. Run VE as “UserOfPublisher” and make sure he now does have edit permission while connected via the Subscriber.
10. Run VE as “UserOfSubscriber” and make sure he now does have edit permission while connected via the Subscriber.