We've got a lot of objects in our database and in some of the machine properties the assigned users / groups are not displayed.
SbAdmCl also says there are no users assigned to the respective machine objects.
Still, the users can log on to the machines. Even after mutliple successful synchronizations.
The client log does not show anything out of the ordinary.
So it seems to be a matter of displaying the information.
Any ideas about the cause of this?
The user audit only shows the usual things like last logon times and recovery messages. Nothing suspicious there.
Though the machines have existed for some time now, the audit logs show no entries.
And to top this off, the SbClientLog shows one succesful sync after another.
At the top of the file can be seen that the users are added to the machine, then there's a lot of regular syncing over the next time, but never anything about removing users or being unable to read or write any attributes.
usually this is because you are looking at the wrong object in the db - get the machine ID from the pre-boot screen and compare that to the object ID in the database - in the case of a machine syncing, but having a different policy that the one in the db, people usually find they are different.
When the next case arises we will compare the IDs just to be on the safe side, but I just realized I didn't mention added users would also work on such a machine.
You see the empty users list, add a new user to this list, sync the machine and the user can successfully log in. As can the previously existing users, though they are still not displayed in the db.
So the machine object seems to be the right one.Nachricht geändert durch NCC on 18.10.10 01:55:53 GMT-06:00
Ok. We've got another machine now.
The users are assigned and there is an audit trail for the machine object.
Still the users are not displayed in the "users" section of the machine object's properties.
I'll post the ID as soon as I get it.
The ID on the machine is the same as the object's that I'm looking at in the database.Nachricht geändert durch NCC on 18.10.10 02:52:10 GMT-06:00
No, the account does not have group restrictions.
It even has full admin rights.
I can see the user object & group, the machine & group and there isn't even a group assigned that would be on a higher level than my account.
On a machine that DOES have such a higher group or user assigned, I can still see it, but just can't do certain things. Exactly as it should be.
Sorry. Can't do that.
Level 32 is restricted to a user who's password is stored somewhere secure.
Max level for our team is 25 and our regular level is below that.
No setting or user relevant to the machines or users in question can be higher than this.