Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
Teamsite Active Directory Problem - Group Info
nazri
Hi,
Teamsite just can't seems to extract user group information from Active Directory.
Below are my detail scenario,
I have Teamsite 6.5 running on W2K3 as a member server to a domain, lets call it domain A.
Inside the domain, i have teamsite users created in a OU. I also have 2 level nested groups inside another OU to group these users.
In Teamsite, workarea permission are assigned according to the top level groups.
I have assigned read group membership priviledge to the Teamsite Computer object to all the groups and user id. I have also done the 4 things that the tech article suggested to add read group permission.
However, Teamsite just can't seem to retrieve the group information. The no of user and group teamsite located is shown in iwtrace.cfg.
Teamsite was started with System account. I did a small experiment and start teamsite with user id in domain A. It manages to get all information, however this introduce another different problem, Y drive does not show up. I did the switching to the startup account following the recommended steps in yet another Interwoven tech article.
Anyone have any idea on either one of the problem (Teamsite can read AD or Y drive not shown)?
Please i truely need help as i do not have much time.
Thx
Find more posts tagged with
Comments
ushapriya
We have the same problem too. Any information would be appreciated.
Usha
Bhargav Coca
Doesn't the Y: show up when you are logged in as an Admin on the box?
Check the Iwmount setup on the Windows registry. If should be specified there.
Thanks
stefanmaier
The no of user and group teamsite located is shown in iwtrace.cfg.
How much users do you have?
In the past (TS5.5), we had some problems with our TS system:
We had round about 1500 authors administered, the iwserver read all user information if we rebooted our server. Problem was that this info gathering took 20 minutes. Y appeared only after that time.
ushapriya
Y: does not show up if the "interwoven teamsite" service is run as "domain user" with all local security priveleges given as mentioned in another kb
if the service is change to run as "local system" and service restarted, y: reappears magically
The problem is - even after given the machine priveleges(in domain controller) to read the membership info, the interwoven service is unable to read user group membership if run as local system
But if the service is run as domain account and the same priveleges for read membership info is given to the domain account (in domain controller), the usergroups are enumerated.
This is the reason why we are trying to run the service under domain account - but y: does not appear. Even after half hour y: does not appear if domain user is used to start teamsite service
BIRT_Use_CSS.JPG
ushapriya
For Local system account to read active directory info of 2003 AD domain the following changes need to be made to security policy of 2003 domain controller
1. You need to make sure that Everyone is a part of the Pre-Windows 2000 Compatibility Access Group on the Windows 2003 domain controller
2. Also you need to add Anonymous to be a part of the Everyone group on the Windows 2003 domain controller this can be done by using the regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa everyoneincludesanonymous and set it to 1. This will require a reboot of the DC.
This works!!
