Getting NT group membership from TSQL 
Author Message
 Getting NT group membership from TSQL

Hi!

I'm trying to get the NT group membership of a specified username from TSQL.
I'm using the following to query the OS:

SELECT *

It works fine except the fact that it seems that the result is cached
somewhere, because if I run it once when a user is member of a certain group
it, and then remove the user from the group and rerun the statement, it
still reports the user as a group member. Even if I remove the group
altogether, it still lists the group.

Any tips on this?

Brgds

Jonas



Sat, 13 May 2006 22:20:04 GMT
 Getting NT group membership from TSQL

Jonas,

FWIW, changes to names on the domain take a few minutes to replicate around.
I am not a net admin, but I have run into this in the past.  If you wait a
few minutes are your results correct?  (Takes as much as 15 minutes on the
domain where I work.)

Russell Fields


Quote:
> Hi!

> I'm trying to get the NT group membership of a specified username from
TSQL.
> I'm using the following to query the OS:

> SELECT *

> It works fine except the fact that it seems that the result is cached
> somewhere, because if I run it once when a user is member of a certain
group
> it, and then remove the user from the group and rerun the statement, it
> still reports the user as a group member. Even if I remove the group
> altogether, it still lists the group.

> Any tips on this?

> Brgds

> Jonas



Sat, 13 May 2006 22:44:11 GMT
 Getting NT group membership from TSQL
Thanks for your answer which sounds resonable, but the group I'm playing
around with is a local group on my own computer, which should be available
directly. If I run the NET LOCALGROUP, the changes are instantaneous.

I think the "caching" takes places somewhere in the SQL Server, but I'm not
sure.

Brgds

Jonas


Quote:
> Jonas,

> FWIW, changes to names on the domain take a few minutes to replicate
around.
> I am not a net admin, but I have run into this in the past.  If you wait a
> few minutes are your results correct?  (Takes as much as 15 minutes on the
> domain where I work.)

> Russell Fields



> > Hi!

> > I'm trying to get the NT group membership of a specified username from
> TSQL.
> > I'm using the following to query the OS:

> > SELECT *

> > It works fine except the fact that it seems that the result is cached
> > somewhere, because if I run it once when a user is member of a certain
> group
> > it, and then remove the user from the group and rerun the statement, it
> > still reports the user as a group member. Even if I remove the group
> > altogether, it still lists the group.

> > Any tips on this?

> > Brgds

> > Jonas



Sat, 13 May 2006 22:52:23 GMT
 Getting NT group membership from TSQL
Some more investigations has revealed that the time for a group membership
change to appear when using this function is between a couple of minutes up
to almost ten minutes.

/Jonas


Quote:
> Thanks for your answer which sounds resonable, but the group I'm playing
> around with is a local group on my own computer, which should be available
> directly. If I run the NET LOCALGROUP, the changes are instantaneous.

> I think the "caching" takes places somewhere in the SQL Server, but I'm
not
> sure.

> Brgds

> Jonas



> > Jonas,

> > FWIW, changes to names on the domain take a few minutes to replicate
> around.
> > I am not a net admin, but I have run into this in the past.  If you wait
a
> > few minutes are your results correct?  (Takes as much as 15 minutes on
the
> > domain where I work.)

> > Russell Fields



> > > Hi!

> > > I'm trying to get the NT group membership of a specified username from
> > TSQL.
> > > I'm using the following to query the OS:

> > > SELECT *

> > > It works fine except the fact that it seems that the result is cached
> > > somewhere, because if I run it once when a user is member of a certain
> > group
> > > it, and then remove the user from the group and rerun the statement,
it
> > > still reports the user as a group member. Even if I remove the group
> > > altogether, it still lists the group.

> > > Any tips on this?

> > > Brgds

> > > Jonas



Sun, 14 May 2006 18:24:31 GMT
 Getting NT group membership from TSQL
Jonas,

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsq...
(from 1999 and for SQL Server 7) implies some caching, but is not very
specific. One comment is :

When a user connects to SQL Server 7.0, the server creates a Process Status
Structure (PSS) structure in memory, which is comprised of the user's SID,
group SIDs, and other security and state information.

FWIW,
Russell Fields


Quote:
> Some more investigations has revealed that the time for a group membership
> change to appear when using this function is between a couple of minutes
up
> to almost ten minutes.

> /Jonas



> > Thanks for your answer which sounds resonable, but the group I'm playing
> > around with is a local group on my own computer, which should be
available
> > directly. If I run the NET LOCALGROUP, the changes are instantaneous.

> > I think the "caching" takes places somewhere in the SQL Server, but I'm
> not
> > sure.

> > Brgds

> > Jonas



> > > Jonas,

> > > FWIW, changes to names on the domain take a few minutes to replicate
> > around.
> > > I am not a net admin, but I have run into this in the past.  If you
wait
> a
> > > few minutes are your results correct?  (Takes as much as 15 minutes on
> the
> > > domain where I work.)

> > > Russell Fields



> > > > Hi!

> > > > I'm trying to get the NT group membership of a specified username
from
> > > TSQL.
> > > > I'm using the following to query the OS:

> > > > SELECT *

> > > > It works fine except the fact that it seems that the result is
cached
> > > > somewhere, because if I run it once when a user is member of a
certain
> > > group
> > > > it, and then remove the user from the group and rerun the statement,
> it
> > > > still reports the user as a group member. Even if I remove the group
> > > > altogether, it still lists the group.

> > > > Any tips on this?

> > > > Brgds

> > > > Jonas



Mon, 15 May 2006 22:12:47 GMT
 
 [ 5 post ] 

 Relevant Pages 

1. NT Group Membership

2. NT Group Membership from SQL Server

3. NT Group membership enumeration.

4. NT Group membership enumeration.

5. Verifying NT Username and Group Membership

6. Problem getting User Names from NT Groups

7. Getting NT group

8. ldap query to resolve group membership in AD

9. "OLAP Administrators" Group Membership

10. Group Membership

11. permit via group membership

12. via group membership


 
Powered by phpBB® Forum Software