Microsoft KB Archive/320704

= WinNT:///Domain Users Does Not Work with ADS LDAP Authentication for NCompass Resolution 4.0 =

Article ID: 320704

Article Last Modified on 5/10/2002

-

APPLIES TO


 * NCompass Resolution 4.0

-



This article was previously published under Q320704



SYMPTOMS
When you add the Domain Users group from a supported Microsoft Windows 2000 domain to a NCompass Resolution user group by using the Site Builder, all of the users in that group can log on to NCompass Resolution. After you enable Active Directory Lightweight Directory Access Protocol (LDAP), however, no users in the Domain Users group can log on to NCompass Resolution.



CAUSE
In ADS LDAP, the primary group is a group that is identified by the PrimaryGroupID property of an ADS object. Because a group membership limitation of 5000 users exists, the membership in a large group such as Domain Users can be specified by using the PrimaryGroupID property. NCompass Resolution, however, only retrieves groups in which a user is an explicit member.



WORKAROUND
To work around this problem, follow these steps:
 * 1) Remove the LDAP domain users from the rights group in the Site Builder.
 * 2) In the Server Configuration Application (SCA), add the domain of the domain users to supported NT domain.
 * 3) Add the NT domain users to the rights group in the Site Builder.



MORE INFORMATION
The same problem occurs on Microsoft Content Management Server (CMS) 2001. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

314899 WinNT://Domain Name/Domain Users Does Not Work with ADS LDAP Authentication for CMS 2001

Keywords: kbprb KB320704

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.