PRB: A New User Is Not Added to the HAC Database Because Active Directory Replication Occurs Later (820544)


The information in this article applies to:

  • Microsoft Host Integration Server 2000
  • Microsoft Host Integration Server 2000 SP1
  • Microsoft SNA Server 4.0
  • Microsoft SNA Server 4.0 SP1
  • Microsoft SNA Server 4.0 SP2
  • Microsoft SNA Server 4.0 SP3
  • Microsoft SNA Server 4.0 SP4

SYMPTOMS

If a new user is created by using the Active Directory Users and Computers MMC Snap-In on a Windows 2000 Domain Controller that is not the primary domain controller (PDC) Emulator, the newly created user may not be added to the SNA Host Account Cache (HAC) database.

Note This problem does not occur on Windows NT 4.0 domains.

CAUSE

When a new user is created, a password change notification is initiated. The host security password change DLL (Snapwchg.dll) is notified of the password change for this new user. The password change request is sent to the master HAC service/database (this service runs on the Windows 2000 PDC Emulator). The master HAC database determines whether the user that is specified in the password change request exists in the Host Security Domain group. By default, the Domains Users group is a member of the Host Security Domain group.

If the Active Directory directory service is scheduled to replicate before the Windows 2000 PDC Emulator has received the changes that include the information about the new user, the HAC database is informed that this user is not a member of the Host Security Domain group. The user does not appear to be a member because the user does not yet exist in the copy of the Active Directory database that is on the PDC Emulator. At this point, the new user has not been added to the HAC database.

RESOLUTION

If Active Directory replication schedules prevent new users from being added to the SNA Host Account Cache database automatically, make sure the Active Directory Users and Computers MMC Snap-In is connected to the Windows 2000 PDC Emulator when you add new users.

To connect to a specific domain controller in the Active Directory Users and Computers MMC Snap-In, follow these steps:
  1. Right-click the root node in the left pane of the Active Directory Users and Computers MMC Snap-In, and then click Connect to Domain Controller.
  2. Type the name of the domain controller in the Change to box, or click a domain controller in the Available controllers in DomainName.com list, where DomainName.com is the actual name of the domain, and then click OK.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

After the Active Directory replication is complete, you can use one of the following methods to add the new user to the HAC database:
  • Run the Host Account Manager (Udconfig.exe) utility that is available in either Host Integration Server 2000 or SNA Server 4.0.
  • Use the SNA command line configuration utility (Snacfg.exe) to add the user to the HAC database.
  • Change the new user's password. This change initiates the password change notification process that was described earlier in this article.
Modification Type:MinorLast Reviewed:3/23/2005
Keywords:kbprb KB820544 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.