WinNT://<Domain Name>/Domain Users Does Not Work with ADS LDAP Authentication for NCompass Resolution 4.0 (320704)


The information in this article applies to:

  • NCompass Resolution 4.0
This article was previously published under Q320704

SYMPTOMS

When you add the Domain Users group from a supported Microsoft Windows 2000 domain to a NCompass Resolution user group by using the Site Builder, all of the users in that group can log on to NCompass Resolution. After you enable Active Directory Lightweight Directory Access Protocol (LDAP), however, no users in the Domain Users group can log on to NCompass Resolution.

CAUSE

In ADS LDAP, the primary group is a group that is identified by the PrimaryGroupID property of an ADS object. Because a group membership limitation of 5000 users exists, the membership in a large group such as Domain Users can be specified by using the PrimaryGroupID property. NCompass Resolution, however, only retrieves groups in which a user is an explicit member.

WORKAROUND

To work around this problem, follow these steps:
  1. Remove the LDAP domain users from the rights group in the Site Builder.
  2. In the Server Configuration Application (SCA), add the domain of the domain users to supported NT domain.
  3. Add the NT domain users to the rights group in the Site Builder.

MORE INFORMATION

The same problem occurs on Microsoft Content Management Server (CMS) 2001. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

314899 WinNT://Domain Name/Domain Users Does Not Work with ADS LDAP Authentication for CMS 2001

Modification Type:MajorLast Reviewed:5/10/2002
Keywords:kbprb KB320704
©2002 Microsoft Corporation. All rights reserved.