Re: AD2003 and NTBDC permissions issue


From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 12/11/04


Date: Sat, 11 Dec 2004 10:12:01 -0500

In news:OgsVr6v3EHA.1192@tk2msftngp13.phx.gbl,
Jim <jim@nospam.minntech.com> made a post then I commented below
:: We recently upgraded our NT4 domain to AD2003. We are in native mode
:: for domain functionality and interim mode for forest functionality.
:: We have one NT4 BDC left that shows up as a domain controller in
:: ADU&C. I have reports from a few people that they have not been able to
:: browse anything on this BDC server. All of the people who have been
:: using it are still using it okay. Recently, I had to give a new
:: employee rights to access a shared resource on that server. I added
:: him to a Global Security group but he still didn't have access (he
:: gets a popup authentication box when UNCing to the share). So I
:: tried to add him individually to the NT permissions on the NT4
:: server. It would not let me add him. I added him but when I went
:: back in to check it he was gone. I tried adding a group and the same
:: thing happened. It seems to add okay (no errors) but then I go back
:: in and it is not there.
::
:: Any ideas?
::
:: Jim

The thing I see is if the domain is in Native Mode (whether 2000 or 2003
levels), and this server is in this domain, then it won't be able to
understand the way groups are defined, since their functionality changes
with mode. For example, group nesting comes into play, which is not an NT4
feature. The domain and forest both need to be in Interim level for an NT4
BDC to be able to participate. Since the domain is already in Native mode,
your best bet is to either upgrade the box or remove it from the domain,
because functional levels can't be changed backwards.

Here's some reading on it:
322692 - HOW TO Raise Domain and Forest Functional Levels in Windows Server
2003:
http://support.microsoft.com/?id=322692

Domain and forest functionality:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/datacenter/sag_levels.asp

New Active Directory Features in Windows Server 2003, Part 1:
http://www.serverwatch.com/tutorials/article.php/2213281

-- 
Regards,
Ace
G O   E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
-- 
=================================

