Community
Vault Forum
Welcome to Autodesk’s Vault Forums. Share your knowledge, ask questions, and explore popular Vault topics.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accounts of trusted domain are not shown as member of domain group

7 REPLIES 7
Back to Vault Category
Back to Topic Listing
Reply
Message 1 of 8
Maxim-CADman77
Advisor
1033 Views, 7 Replies
‎04-16-2013 10:35 PM
‎04-16-2013 10:35 PM

Accounts of trusted domain are not shown as member of domain group

Our company network configuration counts several trusted domains.

We used to use domain groups that include accounts from different domains.

ADMS console doesn’t show members that doesn’t belong to domain of the group while OS does show accounts from both domains.

Example

there are 2 domains:

   DomainA

   DomainB

There is a Domain A group

   DomainA\TheGroup

with two domain users included

   DomainA\User01

   DomainB\User01

ADMS is a part of DomainA and it's OS sees the group all correct two members.

ADMS console shows the only user in the group - DomainA\User01.

 

What might be wrong.

 

PS: At leas once Vault showed that same group with both members.

PPS: Autodesk Support CaseNo is 08285515, but I don't feel like getting support to this issue with their usuall half-year/case speed so any ideas are welcome.

... studying Autodesk Inventor since 2005 ...
Report
0 Likes
Reply
7 REPLIES 7
Message 2 of 8
Maxim-CADman77
Advisor
in reply to: Maxim-CADman77
‎04-19-2013 12:34 AM
‎04-19-2013 12:34 AM

Further testing..

 

There is two groups:

   DomainA\Group01

   DomainB\Group01

 

Both groups have same set of members:

   DomainA\User01

   DomainB\User01

 

Vault sees incomplete content for each group:

 

  DomainA\Group01 only DomainA\User01

 

  DomainB\Group01 only DomainB\User01

 

Any ideas?

 

PS: Vault Pro 2013, Service Pack 1

... studying Autodesk Inventor since 2005 ...
Report
0 Likes
Reply
Message 3 of 8
MaxU77
Advocate
in reply to: Maxim-CADman77
‎04-24-2013 09:42 AM
‎04-24-2013 09:42 AM

The update for topic headline issue:

Vault adds account of trusted domain to domain group on login of the user (that is ok)

Vault removes account of trusted domain from domain group on group update operatien (wrong behavior).

 

But there is also second issue with usage of trusted domain accounts within domain groups:

If trusted-domain-user is given modify access to replicated folder DIRECTLY – everything is OK on both publisher and subscriber ADMS.

But if trusted-domain-user is given modify access to replicated folder VIA DOMAIN GROUP then everything is ok on ADMS-publisher but only READ access to that same folder on ADMS-subscriber.

MaxU77,
AI2011 Certified Associate
(Soft: PDSU2012, VP2012&VP2013)
Report
0 Likes
Reply
Message 4 of 8
ihayesjr
Community Manager
in reply to: Maxim-CADman77
‎05-08-2013 08:30 AM
‎05-08-2013 08:30 AM

Can you provide screen shots showing the permission difference on the publisher folder and the subscriber folder?




Irvin Hayes Jr
Sr. Product Manager
Autodesk, Inc.
Vault - Under the Hood Blog
Report
0 Likes
Reply
Message 5 of 8
Anonymous
in reply to: ihayesjr
‎05-08-2013 08:46 AM
‎05-08-2013 08:46 AM

Surely! I'm now 3 weeks waiting for somebody from Autodesk asking me for some details (weanwhile have prevented several attempts to close the case without denying the problem existance).

Which way do you prefer to get those screenshots:

1. Post em here (not desirable as it will mean share publicly names of our server, database and user);

2. Attach them to the mentioned case.

3. Pass it to you in some alternative way (to your mail etc)?

Report
0 Likes
Reply
Message 6 of 8
ihayesjr
Community Manager
in reply to: Anonymous
‎05-08-2013 08:48 AM
‎05-08-2013 08:48 AM

Attach them to your case.




Irvin Hayes Jr
Sr. Product Manager
Autodesk, Inc.
Vault - Under the Hood Blog
Report
0 Likes
Reply
Message 7 of 8
Anonymous
in reply to: ihayesjr
‎05-08-2013 09:51 AM
‎05-08-2013 09:51 AM

Dear Irvin Hayes

 

I've uploaded the screenshots.

 

Thank for your interest and hope to hear from you.

Report
0 Likes
Reply
Message 8 of 8
Maxim-CADman77
Advisor
in reply to: Anonymous
‎06-27-2016 08:19 AM
‎06-27-2016 08:19 AM

Issue is actual in Vault 2017. Steps to reproduce:

 

  1. Setup Vault for two connected WorkGroups (trusted domains).
  2. In Active Directory of subscriber’s WG create account “UserOfSubscriber”
  3. In Active Directory of publisher’s WG create account “UserOfPublisher”
  4. In Active Directory of publisher’s WG create group “Designers” containing the two accounts
  5. Open ADMS console; import «Designers» group (give it «Document Editor (Level 2)» Role; give it access to the Vault; make sure it is enabled).

BTW make sure only “UserOfPublisher” is shown as a member (no “UserOfSubscriber” is present).

 

6. Run VE as “UserOfPublisher” and make sure he:

   6.1 does have edit permission while connected via the Publisher

   6.2 CAN’T connect via the Subscriber

7. Run VE as “UserOfSubscriber” and make sure he:

   7.1 does have edit permission while connected via the Publisher

   7.2 CAN’T connect via the Subscriber

8. In Vault create local Group “DesignersLOC” containing the two accounts (give it «Document Editor (Level 2)» Role; give it access to the Vault; make sure it is enabled).

9. Run VE as “UserOfPublisher” and make sure he now does have edit permission while connected via the Subscriber.

10. Run VE as “UserOfSubscriber” and make sure he now does have edit permission while connected via the Subscriber.

... studying Autodesk Inventor since 2005 ...
Report
0 Likes
Reply
Reply

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Autodesk Design & Make Report

Report a website issue