Domain users are not members of a specific group, but when I run whoami /groups they show in that group

Amr Ayman 20 Reputation points
2024-06-23T11:03:44.1333333+00:00

Hi,

I have a problem: some users in the domain are not members of a security group, for example one named A. When I open the security group's "Member Of" I don't find it, and that is how it is supposed to be.

But when I run the cmd command whoami /groups, it shows along with other groups.

That makes problems for me, like giving that user internet access because he is in the group.

Many users suddenly became like that, even though they are not members.

I hope someone can help me.

Thanks so much.


Accepted answer
  1. Yanhong Liu 4,495 Reputation points Microsoft Vendor
    2024-06-24T09:13:56.3466667+00:00

    Hello,

    Thank you for posting in Q&A forum.

    You seem to have an issue where some users, such as "A", do not appear to be members of a particular security group, but still gain permissions via the command line or are included in other groups.

    This is causing issues as it's giving these users internet access. Here are a few suggestions:

    1. Check Group Policy: Ensure that there are no Group Policy settings that are automatically adding users to this group.
    2. Check Nested Groups: The user might be a part of a nested group that is a member of group A. Check if there are any nested groups within group A.
    3. Replication Issues: There might be a replication issue between your domain controllers. You can use tools like 'repadmin' or 'dcdiag' to check the health of your domain controllers and replication status.
    4. Update Group Membership: You can try to update the group membership manually. Remove the user from the group, update the group policy by running 'gpupdate /force' on the user's machine, and then add the user back to the group.
    5. Use PowerShell: You can use PowerShell to get a list of all the groups a user is a member of. This might give you more information than 'whoami /groups'. The command is 'Get-ADUser -Identity username -Properties MemberOf'. Remember to replace 'username' with the actual username of the user.

    If you continue to experience issues, please provide more details about your environment, such as the version of Windows Server you're using, and any error messages you're seeing. This will help in providing a more accurate solution.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
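
Suggestions 2 and 5 above can be combined into one check. `MemberOf` lists only the groups an account was added to directly (and never the primary group), while `whoami /groups` lists the logon token with nested groups expanded. The PowerShell below is an added example, not part of the original answer; it walks the nesting upward and prints the chain that puts the user in the group. `jdoe` and `A` are placeholder names.

```powershell
# Added example (not from the thread). Needs the ActiveDirectory module (RSAT)
# and assumes all groups involved live in the current domain.
param(
    [string]$UserName  = 'jdoe',      # placeholder sAMAccountName
    [string]$GroupName = 'A'          # placeholder: the group whoami /groups shows
)
Import-Module ActiveDirectory

$user   = Get-ADUser  -Identity $UserName -Properties MemberOf, PrimaryGroupID
$target = Get-ADGroup -Identity $GroupName

# The primary group (usually Domain Users) is never listed in MemberOf,
# so resolve it from the domain SID plus the PrimaryGroupID RID.
$primary = Get-ADGroup -Identity "$($user.SID.AccountDomainSid)-$($user.PrimaryGroupID)"

# Breadth-first walk upward through MemberOf, remembering how each group was reached.
$reachedFrom = @{}
$queue = New-Object 'System.Collections.Generic.Queue[string]'
foreach ($dn in @($user.MemberOf) + $primary.DistinguishedName) {
    $reachedFrom[$dn] = $user.DistinguishedName
    $queue.Enqueue($dn)
}
while ($queue.Count -gt 0 -and -not $reachedFrom.ContainsKey($target.DistinguishedName)) {
    $current = $queue.Dequeue()
    foreach ($parentDn in (Get-ADGroup -Identity $current -Properties MemberOf).MemberOf) {
        if (-not $reachedFrom.ContainsKey($parentDn)) {
            $reachedFrom[$parentDn] = $current
            $queue.Enqueue($parentDn)
        }
    }
}

# Rebuild the chain from the target group back down to the user.
$chain = @()
$node  = $target.DistinguishedName
while ($reachedFrom.ContainsKey($node)) {
    $chain = @($node) + $chain
    $node  = $reachedFrom[$node]
}

[pscustomobject]@{
    User            = $user.SamAccountName
    Group           = $target.Name
    DirectMember    = $user.MemberOf -contains $target.DistinguishedName
    EffectiveMember = $chain.Count -gt 0
    NestingChain    = $chain -join "`n  member of -> "
} | Format-List
```

`whoami /groups` reads the token built at sign-in, so a membership change shows up there only after the user signs out and back in.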

