After renaming Security Group can't see new name for a period of time

OZ 226 Reputation points
2024-03-17T14:30:30.1733333+00:00

I have many domain controllers in different sites. I noticed that after renaming any security group with PowerShell, I can't see the new name in the same PowerShell for a period of time (up to 15 minutes), although I can see the new name in the GUI in ADUC. And vice versa: when I change the name in ADUC, I can't see the new name in PowerShell for a period of time. It's some kind of magic. I tried repadmin /syncall ADPe, but in this situation it does not help, although in other situations this command helps me very much when I run it on the domain controller on which I made the changes. I'd like to know what I need to run to see the changes right away. Which context of ntds.dit has to be replicated, or something like this?


Accepted answer
  1. Rich Matheisen 45,011 Reputation points
    2024-03-17T15:13:09.7733333+00:00

    It's not usually some sort of voodoo. :-)

    Each PowerShell cmdlet chooses its own DC (usually within the same AD site as the machine on which the script is executed). If you want consistency, your scripts should make their own selection of a DC and store the choice in a variable. The variable should be used as the value of the "-Server" parameter on each cmdlet. This is applicable to all but single DC forests.

    If you were to do something like below, you may find that the DisplayName appears not to have changed!

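    # Read the current value. DisplayName is returned only when requested with -Properties.
    Get-ADUser -Identity samAccountName -Properties DisplayName |
        Select-Object DisplayName

    # Change it and read it back. No -Server is given, so each cmdlet may pick a different DC.
    # -PassThru is needed for Set-ADUser to emit the user object to the next cmdlet.
    Get-ADUser -Identity samAccountName |
        Set-ADUser -DisplayName somethingDifferent -PassThru |
            Get-ADUser -Properties DisplayName |
                Select-Object DisplayName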
    

    Intra-site replication usually sets things right within a short period of time. Inter-site replication schedules may cause a longer delay. But if there are problems with the AD, well . . . ?
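The approach described in the accepted answer, applied to a group rename, as an added example that is not part of the original answer: one DC is chosen once, passed as `-Server` to every cmdlet, and then each DC is asked what name it currently holds so replication lag is visible per site. The group names are constructed placeholders.

```powershell
Import-Module ActiveDirectory

# Constructed placeholder names for this example.
$oldName = 'GG-Finance-RW'
$newName = 'GG-Finance-ReadWrite'

# Choose one writable DC once and reuse it for every call.
$dc = Get-ADDomainController -Discover -Writable |
    Select-Object -ExpandProperty HostName

# Look the group up on that DC and keep its GUID, which does not change on rename.
$group = Get-ADGroup -Identity $oldName -Server $dc
$guid  = $group.ObjectGUID.ToString()

# A group carries two names: sAMAccountName and the object name (CN).
# Change both on the same DC.
Set-ADGroup     -Identity $guid -SamAccountName $newName -Server $dc
Rename-ADObject -Identity $guid -NewName $newName -Server $dc

# Reading back from the DC that took the write shows the new name immediately.
Get-ADGroup -Identity $guid -Server $dc |
    Select-Object Name, SamAccountName

# Ask every DC what it currently holds; DCs that have not replicated yet
# still report the old name.
foreach ($other in Get-ADDomainController -Filter * -Server $dc) {
    try {
        $g = Get-ADGroup -Identity $guid -Server $other.HostName -ErrorAction Stop
        [pscustomobject]@{
            DC      = $other.HostName
            Site    = $other.Site
            Name    = $g.Name
            Current = ($g.Name -eq $newName)
        }
    }
    catch {
        # DC unreachable or query failed; report it rather than stopping the loop.
        [pscustomobject]@{
            DC      = $other.HostName
            Site    = $other.Site
            Name    = $null
            Current = $false
        }
    }
}
```

Rows with `Current` set to `False` identify the DCs that ADUC or an unpinned cmdlet may have been reading from when the old name was still shown.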

