After a Synergetic user has had a user name change, when they login they appear to have no permissions for Synergetic.
This is because the user has a local profile cache on the SQL server.
For example, a user Jane Bloggs (AD user name jane.bloggs) has a surname change to 'Smith' so IT admin change this in Active Directory (AD user name jane.smith) and in Synergetic under Group/User Security Maintenance.
So while superficially it appears that all configuration is correct, the SQL server cached profile is still in effect.
Anecdotally this appears to self resolve within a few days.
So if you experience this issue, request the user need to log off of their workstation and log back on. That's why the changes appear to take effect the next day or so. The reason for this is that when the user logs on again they get a new token from the domain controller and this token contains the list of domain groups that they are a member of. This token with the list of domain groups is only updated when the user logs in to their computer, so if the user never logs out the token isn't ever updated.
There's also multi-site domain replication delays which need to be taken into account if your domain controllers are in different physical locations.
A more drastic resolution for this is rebooting the SQL server to force this process, however this will impact any logged in users and external parents accessing the web products.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article