Re: Calling the AD users from NetBios over TCP

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 06/17/04


Date: Wed, 16 Jun 2004 23:38:25 -0400

In news:6351D4DE-E2BB-4610-9042-6D8FB5E81C87@microsoft.com,
Nick Brandson <Nick Brandson@discussions.microsoft.com> posted their
thoughts, then I offered mine
> hi all,
> I got a security solution, installed on Windows 2003 and AD is
> running on Windows 2000 Native mode, that needs to import the user
> accounts from my Domains, I have many child domains that belonged to
> the same tree. It can get those user account thru enabled "NetBios
> over TCP" in TCP/IP and I can retrieve those users from the child
> domain which my server already joined. However, having problems when
> we tried to access other child domain, it failed "Saying no
> permission or something". Tried to access a printer in other child
> domain and it could print successfully.
>
> 1. Are all child domains "trusted" each other by default? otherwise,
> how we can set up the trusted for my domain/AD?
>
> 2. Does "NetBios over TCP" work for more than one child domain?
>
> 3. Is it a security control in the AD?
>
> 4. Is it because of the mode we are using for AD? Mixed, Native
> 2000, Native 2003
>
> 5. my security solution is using NTDOMAIN:\\Mydomain to locate my
> user information, if there's any setting we can make in the AD config
> that allow that traffic?
>
> Any ideas much appreciated.
>
> thanks
> Nick

In addition to Herb's comments, there's a setting in the Local Security
Policy on W2k3 machines that is forcing signed packets. You may want to
disable that.

Go into your Def DC Policy, under Local Policies, Security Options, the
setting is called:
Microsoft Network Server: Digitally Sign Communication (always): Enabled.

Disable that.

If your infrastructure is subnetted, make sure you do NOT disable NetBIOS
anywhere and ensure your WINS topology is functioning correctly.

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. -- 
=================================