Question for time based group membership in FL 2016
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Thu Feb 1 21:33:28 UTC 2024
hi Kees,
> Still, if you know what this powershell call changes in the LDAP record
> of the group, the user or elsewhere in LDAP, you can mimic this
> functionality quite easily with a little cron script on the DC.
I had similar thoughts, but it sounds this Windows Server 2016 feature
is a bit cleverer than that -- in particular, the KDC will not issue
tickets that outlive an expiring group.
cheers,
Douglas
More information about the samba-technical
mailing list