IsInRole howto troubleshoot

[Harold]

I have added a new active directory security group and added myself to it.
IsInRole is returning False for this new group. The user and the group are
in the same domain.

The group and user was added 24 hours ago, so I think it has had time to
replicate.

I used Reflection to call _GetRoles and the group does NOT show up in this
list. There are however 2 entries in the list that are Nothing.

I used DirectorySearcher to get a list of all the groups the user is in and
this DOES return the group.

What else can be done to figure out why IsInRole is not return True for this
group?

-Harold

 

[Mary Chipman]

Did you reboot or log off/on?

--Mary

 

[Harold]

Both.

 

[Mary Chipman]

In that case, is it possible that you're not using the correct syntax
for custom groups? it should be
winPrincipal.IsInRole("MachineName\RoleName")

--Mary

 

[Harold]

It appears the problem is related to VPN. Once I connect to the domain
(locally, rather than VPN) it works. And now when I go back to VPN it
works. But, when I add another group it does not show up using IsInRole
until I connect to the network locally.

Is there something being refreshed on my system when I connect locally? Is
there some way to manually refresh this information over VPN?

-Harold

 

[Joe Kaplan \(MVP - ADSI\)]

Is it possible that your VPN isn't allowing access to refresh your Kerberos
ticket? It definitely sounds like a network problem and Kerberos tickets
are how your group information from the DC gets to you and gets passed
around to other machines. Kerb runs on port 88.

Joe K.