Re: Strange Active Directory Behavior (Authentication and Permissions)
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 10/23/04
- Next message: ptwilliams: "Re: What Newsreader???"
- Previous message: ptwilliams: "Re: Users profiles on DFS share?"
- In reply to: Ticker: "Strange Active Directory Behavior (Authentication and Permissions)"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 23 Oct 2004 14:10:24 +0100
Well that does seem strange ;-)
If subdomain a is fine and sudomain b is not, look to name resolution. As
access is dependent on group memberships across a trust which heavily relies
on a GC and of course, therefore, DNS.
Ensure name resolution (SRV records not A records) are OK, and then check to
make sure that replication is fine. It Could be an issue with GC.
Then think about how you are trying to grant access based on the scope and
type of your groups.
Perhaps you could come back to us with some more information??
-- Paul Williams http://www.msresource.net http://forums.msresource.net ______________________________________ "Ticker" <Ticker@discussions.microsoft.com> wrote in message news:87C1FAE1-05EF-44CC-96DB-D7C6005C2848@microsoft.com... Hello, we have a strange problem and are desperate for help. We have a Windows 2000 AD environment in which there is one root level domain and two child domains. One child domain is working perfectly fine, the other one is causing major headaches. I'll call the root domain root.domain and then sitea.root.domain and siteb.root.domain. What we're trying to do is have users log in to root.domain with their root.domain account and then do something simple like create a file or folder on a member server in the siteb.root.domain space. Everything has been set up; we can go to the member server and set permissions on the folder so that the root.domain user will have full permission to the resource. So, accounts are pulling over fine. In fact, for some users have absolutely no problems. The issue seems to follow user accounts. But, the user accounts having access problems are set up EXACTLY the same as the one's that are not. Not just in Active Directory, but also at the file and folder permissions levels on the member server. What happens is, the user will simply get an access denied error message when trying to access the folder. I have also seen some users that are able to open the folder up, but then they can't create folders or files inside the folder. Again these users have the same permissions on the folder as myself which btw I have not yet had a problem. We have even gone so far as to grant the users with problems domain admin privilges in siteb.root.domain. The only reason I mention sitea.root.domain is because we actually have another child domain working, as far as I know, perfectly. Any advice would be greatly appreciated.
- Next message: ptwilliams: "Re: What Newsreader???"
- Previous message: ptwilliams: "Re: Users profiles on DFS share?"
- In reply to: Ticker: "Strange Active Directory Behavior (Authentication and Permissions)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
