Assigning users to Domain Users group

Assigning users to Domain Users group

Question
When I assign a link to Domain Users, the users never get the link. If I assign the link directly to the user or another group, then things work.
 
Resolution
This is a feature/limitation of Microsoft Active Directory (MS AD). Domain Users is typically the Primary Group that every domain user gets added to. Because of the 5000 user limitation in Microsoft Groups, they don’t store the user's ID in the Domain Users group, and the user's ID in MS AD does not contain Domain Users in its list of group memberships. Instead, the user's ID contains the RID of the Domain Users group stored in the PrimaryGroupID attribute.  Due to this behavior UW is unable to utilize a Primary Group for assignments.

See the following URL for more information http://support.microsoft.com/default.aspx?scid=kb;en-us;275523

This 5000 user limitation came from Windows 2000.  Windows 2003, and higher, removes the limitation, but the Primary Group is still used in the same way.

    • Related Articles

    • Add large number of users to group - Form Too Large

      The customer was trying to add a member to a group which has lots of users already. They got "script running slowly" messages, however, users were finally added. The customer then tried adding them in a few at a time, On the last bunch after clicking ...
    • Display domain policies on a machine

      How can I find what policies are set on a machine based on logging into my companies domain ?   Start, Run, rsop.msc This will load the snap in and allow you to see what policies are applied to the workstation. Other handy tools : gpedit.msc - Edit ...
    • Enable Multi-Domain Support

      If you use Active Directory and have multiple domains using a Parent Child configuration model AND your Check DNS Configuration is clean and has no errors then you can safely check this option. If it is not enabled and you have parent child domain ...
    • Enable webNetwork to talk to AD Child domain

      To allow webNetwork to talk to a child domain in Microsoft Active Directory you will want to first make sure your child domain is up and running and that you have run DNSLINT to verify your Active directory DNS names and server communication. Next ...
    • Disable Group Search for File Services

      Issue: In the past Unified Workspace (formerly webNetwork) required having to manually add some search indexes to prevent slowness issues in various parts of webNetwork, most notably (webStorage) File Services. When a user authenticates to Unified ...
    • Popular Articles

    • Old Browser Versions

      Question: I am using an older browser version and am having problems. What can be done ? We are not able to upgrade the browser at this time.   This is a challenge for any company that makes software that utilizes a browser. Since Stoneware does not ...
    • LCS Redirection

      Problem: How to redirect the LCS in an environment with multiple LCSs and students connecting to them. Solution(s): Create an allow.cfg on all LCS(s) (including the Master) in the network, however, even if no allow.cfg is present on an LCS, machines ...
    • Time windows allows for Service Shutdown

      Issue: Can the time windows gives a service to shut down before it kills the service be increased? Solution: Yes, the following information comes from the Microsoft URL : http://support.microsoft.com/kb/146092 To specify the wait time, do the ...
    • How to disable password saving - Internet Explorer

      Having multiple methods for saving a password in the browser can cause confusion for the user.   To disable password saving in Internet Explorer, launch Internet Explorer and perform the following steps. Click the blue Settings menu icon in the upper ...
    • How to disable password saving - Chrome

      Having multiple methods for saving a password in the browser can cause confusion for the user.  To disable password saving in Chrome, launch Chrome and perform the following steps. Click the Chrome menu button in the upper right corner of the Chrome ...
    • Recent Articles

    • SAML Service Provider

      Issue How can I use a 3rd Party service (such as ADFS, Office365, or OneLogin) to SSO into UW? Solution The SAML Service Provider (SP) features allows another Identity Provider (IDP) to single sign-on into Unified Workspace using SAML for a seamless ...
    • Lenovo Unified Workspace 7.0.0.63 Released

      Highlights of Unified Workspace 7.0.0.63 Before you install: Please view the installation notes here. 7.0.0.63 Requires new 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.0.63 New Profile Style New Login ...
    • How to fix customized login and profile after upgrading to v7.0

      With the release of 7.0 the default login page has been modified to simplify the customization process.  If you are having an issue with the login page not displaying, after upgrading to v7.0, you will need to delete the custom CSS code and start ...
    • SAML SP - Sync Directory Password

      Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable.  If you would like to use the Active Directory password for other ...
    • MySQL 8 SSL

      Issue Admin is making a database connection to a MySQL 8 database.  When clicking the Ping button on the DB Connection object, the following error is presented: WARN: Establishing SSL connection without server's identity verification is not ...