I am currently running DNN 4.7 with AD Authentication on a production server.  I have many  DNN portals running all using AD Auth. It has been working great for 1.5 years then last Thursday (May 1st  2008) one of the instances stopped sync'ing roles so everyone using that security role could no longer login. I had other security roles on that same portal instance continue to work so this obviously points some change made to those roles on the AD side of the fence, not the DNN side.

I do not have access to admin the AD roles so I always go through a Sys Admin to do so. My question is what do I tell him to look for specifically? 

I told him another security role that was still sync'ing correctly to compare against and he stated they looked the same as far as settings. I also did the obvious and double checked the names of the roles had not changed. The network environment has many AD servers so could of a MS patch messed it up -  I assume not since the other instances are still working correctly.

Any guidance would be much appreciated.

PS: For now I turned off Sync Roles on that portal and created a script to add them back.

Craig

Craig, I just posted a new beta with new role sync code. Could you test it and let me know if it works (http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/89/threadid/229419/scope/posts/Default.aspx)

You shouldn't have to switch them. I just checked mine on my test domain at home and all the groups are Global. I'd give the beta a try first to see if the groups now get sync'd first and then go from there.