Issue
When a User is a Member of a Group on the Production Server that has Read Access to Archived Objects (the Group is on the Archived Objects' ACL), the User is not able to Search for those Objects on the Archive Server. Group Memberships are not Synchronized with the Archive Server when New Members are added after the Object was Archived.
For example: A User that should have access to a document or collection on the Archive Server will have no access to the Object on the Archive Server since the User is not in the Group on the Archive Server.
Replication steps:
1. Create a Document called “Customer Test” whose Access Control List (ACL) is restricted to a Group. (Example: Group-31)
2. Group-31 contains 2 Members. (Example: User-2 and User-131)
3. Archive the Document as User-2.
4. Add a New User to Group-31 on the Production Server. (Example: User-132)
5. Now Group-31 contains User-2, User-131 and User-132.
6. Log on as User-132, then Archive a Document so that the user is added to the Archive Server.
7. Try to Search the Archive Server for Customer* and the search results will have 0 hits.
8. If you view the ACL for the Archived Document, Group-31 is listed with Read Access, but it does not contain the new user (User-132) since that user was added after the Document was Archived.
Solution
To correct the problem, Stop Both Servers and restart them in the proper sequence.
1. Start the Archive Server first and ensure it is fully up and running.
2. Start Main Site after the Archive Server is fully up and running.
3. Once both Servers are running any broken groups need to be updated to force the synchronization to happen again.
a. Remove a user that was not synchronized from the Main Site's group and Apply the change.
b. Add the user back to the Group on the Main Server and Apply the change.
c. The user should now be a member of the Group on Both Main Site (Archive Client) and the Archive Server.
Note: All users in the group should be synchronized and updated when the group membership changes. Therefore, you should only need to remove and re-add one user per non-synchronized group.
Solution Published: January 19th, 2012
Solution ID: 1028