AIX Vas user-override user issue

Using old OS(AIX5.3) and VAS client 3.5.2 and having an issue on our AIX servers with one user(pgg081) out of over 7500 where the user-override attributes(GID and shell) fail to actually override the attributes cached from AD.

 

We are trying to override the shell to /usr/bin/ksh for this user but it remains /home/ghem/ghem_access.

 # lsuser -f pgg081 | grep shell

        shell=/home/ghem/ghem_access

# grep -i pgg081 user-override

pgg081@.com:::1042460071::/home/pgg081:/usr/bin/ksh

Tried running the vastool flush and vastool flush accounts to clear the cache and reload but still get the same result.

 

Noticed the locally cached  vas_ident.vdb output doesn't seem to match between the user_posix and user_ovrd tables for user pgg081.

/opt/quest/libexec/vas/sqlite3 /var/opt/quest/vas/vasd/vas_ident.vdb "SELECT * FROM user_posix" |grep -i pgg08

7651|1386540765|10000||||||||/home/pgg081|/bin/bash||131274612000000000|131199900244278587|0|1|1|1|1|1|

 

Portion of the user-override table showing what should be row 7651 as row 732:

/opt/quest/libexec/vas/sqlite3 /var/opt/quest/vas/vasd/vas_ident.vdb "SELECT *FROM user_ovrd" | tail -45

7648|mjd232@.com|||1756051095||/home/mjd232|/home/ghem/ghem_access|user-override

7649|cdm070@.com|||640221255||/home/cdm070|/home/ghem/ghem_access|user-override

732|pgg081@.com|||1042460071||/home/pgg081|/usr/bin/ksh|user-override

7650|mmm259@.com|||758601807||/home/mmm259|/home/ghem/ghem_access|user-override

7652|v_jss452@.com|||1756051095||/home/v_jss452|/home/ghem/ghem_access|user-override

 

Could this be why the attributes don't get over ridden for pgg081? If so, how to correct this?

 This user was removed from AD and brought back several months later with the same UID.

Thanks in advance!

  • Hi Stanley,

    In the time frame that this user account was removed from AD and then added again did the override entry remain in place?

    I am thinking if that is the case then the override entry is there from the last time the account properly existed. If that is the case could you try removing the override entry. Leave it out until the override cache reflects the change, meaning there is not entry in the cache. Then add in the entry to the override file again and see if that clears the issue.

    Leigh Grant
  • In reply to Leigh Grant:

    Thanks for the reply Leigh!
    In trying your suggestion, removing the override entry and allowing the override cache to update did remove the 732 line entry for pgg081 so looked good at this point. However, once I added the entry back and allowed the cache to update it brought it back as 732 again, same as before.

    I also tried to remove the override entry and run a flush, but it came back the same 732 again.

    Another interesting thing with this user ID only is once a flush is run it comes back with a different primary group and groups than what is set in AD. I found that running a vastool checkaccess user will update it to the correct info that is set in AD.
    root@inghem01:/etc/opt/quest/vas # /opt/quest/libexec/vas/sqlite3 /var/opt/quest/vas/vasd/vas_ident.vdb "SELECT *FROM user_ovrd" | grep -I pgg081
    732|pgg081@.com|||1042460071||/home/pgg081|/usr/bin/ksh|user-override
    root@inghem01:/etc/opt/quest/vas # lsuser pgg081
    pgg081 id=1386540765 pgrp=Unix Users groups=Unix Users home=/home/pgg081 shell=/bin/bash gecos= login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=VAS SYSTEM=VAS OR FILES logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= fsize=2097151 cpu=-1 data=262144 stack=131072 core=2097151 rss=65536 nofiles=10000 roles=
    root@inghem01:/etc/opt/quest/vas # vastool user checkaccess pgg081
    Access for service login by pgg081 is allowed.
    Access Rule = [Allow User - pgg081@.com (users.allow)]
    root@inghem01:/etc/opt/quest/vas # lsuser pgg081
    pgg081 id=1386540765 pgrp=tss_west groups=server-hac-inghem01,server-hac-inghem02,server-hac-inghem03,server-hac-inghem04,server-hac-inghem05,server-hac-inghem06,server-hac-waghem01,server-hac-waghem02,server-hac-waghem03,server-hac-waghem04,server-hac-waghem05,server-hac-waghem06,tss_west,Unix Users,Employee Remote Access,Wireless Network Users,tss_west home=/home/pgg081 shell=/home/ghem/ghem_access gecos= login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=VAS SYSTEM=VAS OR FILES logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= fsize=2097151 cpu=-1 data=262144 stack=131072 core=2097151 rss=65536 nofiles=10000 roles=

    Any further help in sorting this out is greatly appreciated.
    Stan

  • In reply to stanley.bostik:

    A couple of thoughts.

    That seems like there is a second identity somewhere for this users. Any chance this account exists in the passwd file as well?

    The other thought I had, is there more than one domain? Could this user account exist in a second domain that has a trust established?

    Another question I was curious about, if you query the cache again but find user_posix entry for 732 is that an entirely different user? Anything similar about the two accounts?

    It might be worth running a query as well to make sure we don't have duplicate UID's in the cache as well. This should show a count if there is more than one.

    /opt/quest/libexec/vas/sqlite3 /var/opt/quest/vas/vasd/vas_ident.vdb "SELECT uidNumber FROM user_posix GROUP BY uidNumber HAVING ( COUNT(uidNumber) > 1 )"

    Leigh Grant
  • In reply to Leigh Grant:

    Thank you Leigh for the correspondence and new to the forum so to change it is unclear.

    There are no entries for this user in the passwd file and I have had our AD team quadruple check this account for correctness, so all I can do at this point is trust it.

    There is not 732 entry in the user_posix table.

    There is one duplicate uidnumber but a query on that shows neither ID is pgg081.
    /etc/opt/quest/vas # ser_posix GROUP BY uidNumber HAVING ( COUNT(uidNumber) > 1 )"<
    30000085
    root@inghem01:/etc/opt/quest/vas # nt.vdb "SELECT * FROM user_posix WHERE uidNumber=30000085" <
    5559|30000085|10000||||||||/home/jjj862|/bin/bash||9223372036854775807|131213536173544342|0|1|1|1|1|1|
    5562|30000085|10000||||||||/home/cff281|/bin/bash||9223372036854775807|131189318796259727|0|1|1|1|1|0|

    Thanks in advance for all the help!
    Stan
  • In reply to stanley.bostik:

    Stanley,

    Another thing that's worth trying is upgrading the client to the newest version. 3.5.2 is an older release and isn't currently supported.  There has been many enhancements made throughout the product since that release.  Our most recent release is 4.1.0.22726 and can be downloaded from the QAS download site.

    -T

  • In reply to stanley.bostik:

    Hi Stanley,

    Tyler makes a good point about newer versions handling this better.

    I would be interested in seeing that users overall attributes however if you could share them. The below command will output what I am looking for.

    /opt/quest/bin/vastool -u host/ attrs pgg081
  • In reply to Leigh Grant:

    Thanks for the suggestion Tyler/Leigh but unfortunately we have application dependencies across all 12 of the servers that prevent us from upgrading the OS and thus the VAS client as well. And yes, this same issue is present across all 12 servers with 732 being the one constant in the user_ovrd. It does seem like remnants from when this user previously existed by where it falls numerically in the table as well.

    Hate to go this route but would an unjoin/join completely remove the locally cached db and rebuild the vas_ident.vdb?

    Thanks and requested info below,
    Stan

    # vastool -u host/ attrs pgg081
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: pgg081
    sn: XXXXXXX
    l: AAAAAA
    st: AA
    title: DAILY - QA Test Analyst III
    description: AAAAAAAA
    postalCode: 98203
    postOfficeBox: Suite N-###
    telephoneNumber: ###-###-####
    givenName: XXXXXXXXXXX
    distinguishedName: CN=pgg081,OU=Washington,OU=People,DC=corp,DC=pvt
    instanceType: 4
    whenCreated: 20160927205731.0Z
    whenChanged: 20161031142743.0Z
    displayName: XXXXXXX, XXXXXXX (Contr)
    uSNCreated: 391763739
    memberOf: CN=Engaging Technology - Contractors,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=SIMPL Team,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=GHEM Users LastName A-K,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=AAAAAAAAAAAAA,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=ghem_tss_west,OU=Applications,OU=Security Groups,DC=corp,DC=pvt
    memberOf: CN=Simpl Test Team,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=Quest.Reset.Password-Contractors,OU=Applications,OU=Security Groups,DC=corp,DC=pvt
    memberOf: CN=Contractors,OU=Security Groups,DC=corp,DC=pvt
    memberOf: CN=Remote Access Users,OU=Rochester,OU=Distribution Lists,OU=Exchange,DC=corp,DC=pvt
    memberOf: CN=Employee Remote Access,CN=Users,DC=corp,DC=pvt
    memberOf: CN=Wireless Network Users,CN=Users,DC=corp,DC=pvt
    memberOf: CN=Silver_Jboss_App_Access,OU=Security Groups,DC=corp,DC=pvt
    uSNChanged: 408231068
    proxyAddresses: x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=pgg081
    proxyAddresses: smtp:pgg081@.com
    proxyAddresses: X400:C=US;A= ;P=AAAAAAAAAAAi;O=;S=XXXXXXX;G=XXXXXX;
    proxyAddresses: smtp:pgg081@.com
    proxyAddresses: smtp:pgg081@.com
    proxyAddresses: smtp:XXXXXXX.XXXXXXX@.com
    proxyAddresses: SMTP:XXXXXXX.XXXXXXX@.com
    streetAddress: #### Street
    targetAddress: SMTP:pgg081@.com
    extensionAttribute1: 09/29/2016
    extensionAttribute2: WA425
    extensionAttribute3: 928072
    extensionAttribute9: 2
    mailNickname: pgg081
    extensionAttribute15: E1
    name: pgg081
    objectGUID: TDQc4dnl+E6JklJSjy2UFw==
    userAccountControl: 512
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    employeeID: 928072
    badPasswordTime: 131212944696718363
    lastLogon: 131227394817283227
    logonHours: ////////////////////////////
    pwdLastSet: 131199900244278587
    primaryGroupID: 513
    userParameters: bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgICAgUAkaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiKAgBQ3R4TWF4Q29ubmVjdGlvblRpbWXjgLDjgLDjgLDjgLAuCAFDdHhNYXhEaXNjb25uZWN0aW9uVGltZeOAsOOAsOOAsOOAsBwIAUN0eE1heElkbGVUaW1l44Cw44Cw44Cw44CwFggBQ3R4Q2FsbGJhY2vjgLDjgLDjgLDjgLASCAFDdHhTaGFkb3fjgLDjgLDjgLDjgLAiCAFDdHhLZXlib2FyZExheW91dOOAsOOAsOOAsOOAsCoIAUN0eE1pbkVuY3J5cHRpb25MZXZlbOOIsOOAsOOAsOOAsBgIAUN0eENmZ0ZsYWdzMeOAsOOBpeOAsOOAsQ==
    objectSid: AQUAAAAAAAUVAAAAeC6dE4B49TGCi6YoNWoHAA==
    comment: <root created="2016.09.28 03:10:10:233" updated="2016.09.28 03:10:10:233">
    <QPM storageVersion="5" productVersion="5.6.2.6903" encrypted="true" encryptAlgorithm="TripleDES" keylen="192" hashAlgorithm="sha256" created="2016.09.28 03:10:10:233" updated="2016.09.30 18:52:29:156" realmId="E5DE6E680BC824519C4AAB1CA837B93ADB4C45A5766E6D93B613FD4500E2640F">
    <data created="2016.09.28 03:10:10:218" updated="2016.09.30 18:52:29:156">
    <public>
    <settings group="general" />
    <settings group="questionAnswerProfiles">
    <profiles>
    <profile language="en-US" updated="2016.09.30 18:22:10:079" answersHashed="true" hashAlgorithm="sha256" configurationSetId="21fc18b7-8b53-4da8-b261-326ce7d07e55" minAnswerLength="7" profileLockExpires="0001.01.01 05:00:00:000" />
    </profiles>
    </settings>
    <settings group="userNotifications">
    <setting name="notificationSettings">
    <items>
    <item name="ManageQAProfile" onSuccess="true" onFailed="true" />
    <item name="UserResetPassword" onSuccess="true" onFailed="true" />
    <item name="UserChangePassword" onSuccess="true" onFailed="true" />
    <item name="UserUnlockAccount" onSuccess="true" onFailed="true" />
    <item name="ManageNotifications" onSuccess="true" onFailed="true" />
    <item name="UsePasscode" onSuccess="true" onFailed="true" />
    </items>
    </setting>
    <setting name="notificationSettingsSingleValued">
    <items>
    <item name="PasswordExpiration" subscribed="true" />
    </items>
    </setting>
    </settings>
    </public>
    <protected><[dZm5UCIrpFpvu8uJhkVlGnpKdCxObMJ8I1kmRIrJnkMCPZzr/Rf8YEprSQznJ3qGahqDJ5mJiQb/jOYBXs1jZWlsHWwa1xseMp3cVAF7JSaXQzMpCDc6q3lGbsSyovqa8yI0l8GE+x0ZotjoNZ09XxwSg3ysW2YkgYkgHsjKuOa0ilJo5D5MPPvf5JZ4M+r4FArhcCDgjG+lvL/ecgQb/NjssbkaUciYyCb0dGmjdgoin64Xa/kO2NSZQnEgObjd44dyt2rdpRsx49U/Z1Q91mDPtKaTzToRB5MKyBBFoYH4aOv4HvmDI5zY6hAmS/3szbPdx49IQwWUYHY5dOSB0PGuF2AbCvP0mxJoqtljoT4lhOlUPg2KSF/o8W3nFDCW6V4KiA9m/WYVOFBGoA5r6FNZ+yoaCYN/xGpMiWU87tMJwjM6eShD9v9dW99O/xcX0l+Jh0kgsj6llXWjOeW+as+gYdOVoooP1e0ph4J6yYooi65ejAaGFVfFG4Yv7FUkyRA89RhGos9sHUEAcqPLRmAM4hwarCtMC4mKmz5cuE4mELw+mO8Fbb1U9v1+jUrGRxwviZcEWaXQokSsyc4QHe4LW6tkE3cjQNjBmQ14pIlRlxVjxRIRQSfBa/uBb0XgUV8GvqakXNrVH5kGLBPYcCnOeCaJ5M487QU9WxFm5YtzKoyjW/ft7pFsKfosvcRrBGSWyRBe57EdFupWqHJCZnIjOxkQpD+UsS4FJTzxf4xbM0NPycCLutZ7SrK1GrKZign3tqkoHrHMLcTHmm80R2HQuRJH2U42B8724MOzNSu1UCSTnDBeYc1sUhvhxCn81SvTJfi9WXdu+CMDQcCCIt6+pyrLh5PFkmT/M0BN/Q9NYpaljkKUTmxL1FFLLylKaX6jsRu+YvRPNx5tvQu0yiD6zhzRMLU/PrwY7O+PeXlExNy/RB/G581pLp7eAa2Yh7phvfvMrgY8Mc+/2Jb4lYPYj8/7JbvRCpdm+sTw6GI2AKPDA9KFkOZEvoMZB3HMuEMACJiwhrfc/I4WcqLIkb/kpV0N56C/aa0z3E/5+nvidflp9ZKr+qwXfFV0ua6EkCZqqLC2XkAggAKWI3lMRprPwRDICEBPjk1xc4jn0Z09FFsUWxi1WGcuztKFI59MNfuOu6vUATipXkkYjBOV4nDto0n6nuI4QutLG7HfzUR4nmkfpQJ7MCncVebOwWfWu5QBa6i2c2sTjZR2+JQqCTNtWp3OTblD2RBBZD0dTmyvrM9PqHo95ftFWWK430hthq/v02FaYSxyERtmh/uzj2lmcOxvsBykij8rHUcN4hq8FU9RdwmiguQL9Xn6GYc8BSl3l+nkZDSKDidz2661pNyTYa7rb8adWybSjLmRw+l6F/fXXmvQlxSG3x4D1Drj0kfbm2hc62iQYRfiOQQK0y8AKGJblVYU9yCid0NoX4V9gYQNE9qer4H2CQex+ZM36xLAsv7BxuaFbhD0cIASs5LhHZ/PJuFLEEY1ApMp+J9v1J7CcpZLysiunvigrzdyMooOa1aSmvNOziARkMRseCicaVYd7Sb1c4nl257cV2ImO4rKygbgaQ0V7PXkSneneb9gsaoT5tK2LJ5dOZXLii6aCXKIdjfpYa8taZwYC5NYulxhO1iUTgrUn7MrBZBvzShtefD0L5gNsaP4ukSoply7ree4fMVD/C85wo8TE0izjGRbcKmpxjUiI2qFX7ghjKoDK+DBz4VLbXTLJUJlkwzt/kFjcIXFIC41qjr3p0OW6YQp7BgvFP+f6oBp98ClCVNxUkaGciSA2h2LRsOLZnvyJQ1F226NBqOf63EeBhcyitg0TDaNANh7oZHwtjEsUU5SRpnG+G7QXkhsoNS6Fw8iTjaJcsg5Nj20zrWsNiCk/r77qairF+JAIZxJDGeJnZLWla4hnZqQKSpwvmHc9SCY0rL/7w/YjP0A60djnTRafq/8nml5k9Y8TwkCmO+zHjPFvVSo+jddpOWmEi8NmXwtsW27iTbpcv+qGBR9QI97jlt3zkLPgmqLB8axoXQExn8rtbXNvAydHjvJn2GfB2OSXYLVunwUR5UmotnJCUDIrp9fOn1FpYdCv+QlQAmd9tFRxgg6ZUZb3x3CFhz4ilTZVAimMa5cI9k48G25epaGRjNLY9rg03717JqG7jYAND3EeSEIfBBsl9DFeCgXjbSZ43FGABDm0OcjdYiJ6T1SCtirIovlvnTwUGBOfU18qHTvs3F0Pbmku0AHIRI+tPAOkJX+BHSjDBf5FzF4/6Sw8sWsrhTtWz05Ozp8S1xZVQfzKYmhpHdkCp3nKIb83iXUzNfdYPHwrA7r6qc5K5ub/hMaDsVNypskofGqiluM0iuX4J4Z+gNMGvRalJchxORZczoR9jTbcFZk3/vbz5KHMkqvRa4fUv8Quq9CKzANbg4LmtqM0E0cpqS3tVKbSeQZ34dwrWONRf1xkSWphfnDcVntol1xEo8d+KQxjHs5ElFDfiG3/C/wDl9vBGaHLoLp3j/pQRyv+vxXAV1J5DnDPXXSJOONoBCWCFX8+kBALSkxM66nLYrQ8l8i2wNNGGcF6w1aaFtaHRe6vKVEHfj3++OnIJVt8KiiD7Zy1kGlLCNmHSvzAE8RyFzFqYEzapZcAmUEFYokqGoctaHn8VeezWTlsKGqUbvi28TfzTqWNhKpgWKzWix+YpFIjUWueLmWxHP8xWmu2N8ERQ92f8/P6JH/OcYNzadINDAnFkQEk9tbo3cGQokz7AYz3pfYYAzt6pfaiyF3FSQ4p5zhHbqyV8Etm7IQ26w5XPah6ZL3NVSePhdyYHdZkoFqhSVF/hfAvsBQ9cJCho9Ovfw++wJTcCpnpZvXb6ZBy4Gr3pdnDhxK7H0TFBbQwPZBH4lptBxfIlfARpklXPuHtljkgpi2qEkNqtm0yX2h6DgqJ6Xdr4RlhnxgyncMvFo2tx9TQ9l9y3p9xDl4iQX7w4TI02gN9osZJO4vabizBH89nH85bE0x25Q5mJlBzcM1+XrThIQLxRN8Lqv0h+79plnwJ+Gxk4ABe74G1gZfsuCSFsIeeAvu454+eigvnRkBtdfAgB2/2bmDRIycazU7N7KSgCX2FsYPkItS7vekq7e1tmf5qff1hLJGRZEWzY6uikphhjzyZX8SvqQCwUB4KUnorQMi+KosIIP3WmJQS6Q3yJwSXimm2UBHWZxQkKwWjCGLoGd3tdq1LgY8JfRRcL/FkuXiE33aVMre9RtSLxXpOg6NYKYBn0eykPE2LtUwTOkcdfI57EXJcERYn7tEBe6ZlgRkdpAIQm4XLql5jgM1J8kpGUT5BjP22bv23AuKxznlqdCWwoL+C+/KdGCqCoYYi1Y9Gy21Yt/k3oLNkwb5Um5yDneYiYZR5j4G9CmTlCuWQDjpGIlelISijxgP+vHQTr5GuRQR+O3mOqQgAGhWJiKplUDBYolmtPDf6hgFJ2M/udI6koQJqHF4iP3xqnrHi4idu3Vkqw2dWLcZ4CQwuBfgEVr/G/zCVzEMFPt33YqG9BbvMqjLPyc6Nl9cQCLO+Z8JVJUnKEkCsLUqUkWwel+TOVUAXyXk7ZHO99WJNPQgdr2mr1KADPqffGKMV/QEwu0ca1v/kp4XYONHKED7vjgB7LKNf+sr3vm14ybCHlBu7YPinxFe9fRIXYfPwejlfM0hY9Wwvq3mdmjjHcZoX2j7EqNfVPeuK+TpV5yRoRA2m2s6rVL3/CgAxDHwVSoVTAjkEGXn2dH3Isfne/AQLNVu6M38O93xlSxzsNBaHYqgz80Vher/eDUvt2lgtVL+RAX7TXF3UBXb6WhQp1JyWtXB1EELe+1M8Sk=]]></protected>
    </data>
    </QPM>
    </root>
    accountExpires: 131274612000000000
    logonCount: 194
    sAMAccountName: pgg081
    sAMAccountType: 805306368
    showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=AAAAAAAAA,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=pvt
    legacyExchangeDN: /o=AAAAAAAAA /ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=2090e904e69a46f3b550550cce09bb4e-
    userPrincipalName: pgg081@.com
    lockoutTime: 0
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=pvt
    msNPAllowDialin: FALSE
    dSCorePropagationData: 16010101000000.0Z
    lastLogonTimestamp: 131223976613508332
    textEncodedORAddress: X400:C=US;A= ;P=AAAAAA Communi;O=ROCHESTER;S=XXXXXXX;G=XXXXXXXXX;
    mail: XXXXXXXX.XXXXXXX@.com
    manager: CN=BBBBBB,OU=New York,OU=People,DC=corp,DC=pvt
    mobile: ###-###-####
    uidNumber: 1386540765
    gidNumber: 10000
    unixHomeDirectory: /home/pgg081
    loginShell: /bin/bash
    msExchPoliciesIncluded: eef2b890-901f-4e95-9408-dfa5e22976d8
    msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7}
    msExchUMDtmfMap: reversedPhone:###########
    msExchUMDtmfMap: emailAddress:############
    msExchUMDtmfMap: lastNameFirstName:###############
    msExchUMDtmfMap: firstNameLastName:#############
    msExchRecipientDisplayType: -#########
    msExchVersion: 88218628259840
    msExchRecipientTypeDetails: ##########
    msExchRemoteRecipientType: 1
  • In reply to stanley.bostik:

    Understand, we have many customers that are using the product in mission critical environments.  One note, is that AIX 5.3 is supported with the newest clients.  That list can be found by going to the Authentication Services site and then Specifications --> Unix Agents - supported platforms.

  • In reply to stanley.bostik:

    Hi Stanley,

    Can you tell me what version of AIX this is and what exact version of the product you have as well.

    This will give you the version.
    /opt/quest/bin/vastool -v
  • In reply to Leigh Grant:

    Hello Leigh,

    I put this info in the very top thread but here it is again with more specifics:
    root@inghem01:/ # oslevel -s
    5300-12-05-1140
    root@inghem01:/ # vastool -v
    vastool: VAS Version 3.5.2.12
    Copyright (c) 2009 Quest Software, Inc. All Rights Reserved.

    We are aware these are both old unsupported versions but with the exception of this one issue the environment has been stable. It is also slated to be refreshed within the next year making spending cycles to upgrade not a focus. Just need to figure out a current fix or workaround for this one user.

    Thanks,
    Stan
  • In reply to stanley.bostik:

    Thank you Stanley,

    The specific VAS Version has proved helpful. I think you are running into a defect in that version. Based on the description and sequence of events it looks like this one might be responsible.

    3.5.2.33

    Bug 20516:
    * override: When an overridden user is deleted from the cache, then re-added,
    their override no longer applied. This has been fixed.

    The workaround for this would be to unjoin, ensure the caches are removed and then rejoin.

    Please let me know if you have any additional questions.

    Leigh Grant