see: Tokensz http://www.microsoft.com/downloads/details.aspx?FamilyID=4a303fa5-cf20-43fb-9483-0f0b0dae265c&displaylang=en Authentication Fails Due to User PAC http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/3872f0d7-e4b3-49ed-9a4b-1fefbf0d4547.mspx Cheers Jorge
________________________________ Van: [EMAIL PROTECTED] namens Al Mulnick Verzonden: ma 14-11-2005 16:03 Aan: [email protected] Onderwerp: RE: [ActiveDir] Token Bloat Can you be more specific? Are you asking if the order of the tokens is FIFO related to group additions and if so, is it evaluated up to that point when the token is bloated beyond the maxtokensize? Is there a reason you would want to know that? I'm thinking that you'd get unpredictable results to make this worthwhile and you'll be better off fixing the issue in the first place. Unless this is for some sort of audit after the fact and you want to prove/disprove when the issue would occur for that sake. There's a utility (name escapes me at the moment) that lets you evaluate the token size on a command line. You may be able to setup some quick tests and see exactly what happens in this situation. I'll try to remember the name of the utility if somebody else doesn't chime in with it first. Al >From: Kitchens Arthur E <[EMAIL PROTECTED]> >Reply-To: [email protected] >To: [email protected] >Subject: [ActiveDir] Token Bloat >Date: Mon, 14 Nov 2005 07:59:01 -0500 > > Might anyone know what actually happens in this situation? Do sids in >the >token up to maxtokensize get evalutated ( is sid order within the token >determined by sequence of group memberships additions , if order even >matter)? None of them? Something completely different from either of these >two scenerios? Thanks in advance. > > A. E. Kitchens >phone 904-301-3578 >fax 904-301-3625 >Atonally DO:RE:MI:FA:SO:LA:TI:DO >Felis demulcta mitis > > >"Reality is that which, when you stop believing in it, doesn't go away". > -- Philip K. Dick List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
