Metasploit mailing list archives

incognito module list_tokens question and add_group_user remark


From: nyga at freemail.hu (Nagy Istvan)
Date: Wed, 9 Sep 2009 08:26:02 +0200 (CEST)

Hello!

I was playing with the meterpreter shell, especially with the incognito module. I have some questions.
First I will describe what I did:

I have a DC, a member server, and an attacker machine. The attacker's machine is not a domain member, of course.

On the DC I created a new user named a. I made this user a member of three groups: GlobalGroupofA, which was a global
group; DLGroupofA, which was a domain local group; and UGroupofA, which, yes, was a universal group.

I started a notepad in the name of this newly created user on the member server.

Through an exploit I sent a meterpreter shell to the server machine, and I became administrator.
I used the ps and migrate commands to go to the winlogon process, to get system rights. It worked.

Then I used the list_tokens -u command. I saw the user administrator, network service, local service, etc., and user a.

Then I used the list_tokens -g command. I saw the usual groups like administrators, users, thisorganization (what is
it? I do not know, I just see it always),
BUT I did SEE ONLY the UGroupofA, not GlobalGroupofA or DLGroupofA.

Can anyone explain to me why this happens? Why do I see the universal groups with list_tokens -g, but do not see global
or domain local ones? Thanks in advance.




One more remark: I was also playing with the add_group_user command. It can also add a user to a universal group, not
only to a global group as is mentioned in the help. One just has to use the -h nameorIP of the dc option.






