Re: Group Membership Problem
- From: "TB" <TB@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Aug 2005 21:09:04 -0700
How would I go about fixing this?
"Ace Fekay [MVP]" wrote:
> In news:320613AF-DF84-4499-A22E-AD79204945AD@xxxxxxxxxxxxx,
> TB <TB@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then commented
> about below:
> > I am having an issue with one of my domains not receiving updates
> > from the parent domain. Here is my setup:
> >
> > domainA --- DomainB (child)
> > |
> > Domain C (child)
> >
> > Domain A is The parent Windows 2000
> > Domain B is the Child Windows 2000
> > Domain C is the Child Windows 2003 mixed
> >
> > Domain C does not show updated membership info from A, however it
> > does allow access to a resource if I add a name. When I look at a
> > users member of tab it only shows groups of the local domain, not
> > groups from Domain A. Domain B is fine.
> >
> > Please help.
> >
> > thanks
>
> It's not working because of the way the forest was upgraded. The forest root
> DCs must be first upgraded to Win2003 prior to upgrading any child domains.
> Specifically, the machine holding the Domain Name Master and PDC Emulator
> role in the forest root domain must be done first, and this is after adprep
> /forestprep and adprep /domainprep have been run on the forest root domain.
> Then adprep /domainprep must be run on each domain prior to upgrading the
> 2000 DCs in those domains.
>
> This is taken from the link I provided in the bottom of my post:
>
> The following computers must be among the first domain controllers that run
> Windows Server 2003 in the forest in each domain: . The domain naming master
> in the forest so that you can create default DNS program partitions.
> . The primary domain controller of the forest root domain so that the
> enterprise-wide security principals that Windows Server 2003's forestprep
> adds become visible in the ACL editor.
> . The primary domain controller in each non-root domain so that you
> can create new domain-specific Windows 2003 security principals.
>
>
>
> 325379 - How to Upgrade Windows 2000 Domain Controllers to Windows Server
> 2003:
> http://support.microsoft.com/?id=325379
>
>
> Unfortunately, I think you now have your work cut-out for you.
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
> Infinite Diversities in Infinite Combinations.
> =================================
>
>
>
>
.
- Follow-Ups:
- Re: Group Membership Problem
- From: Ace Fekay [MVP]
- Re: Group Membership Problem
- From: gordonah
- Re: Group Membership Problem
- References:
- Group Membership Problem
- From: TB
- Re: Group Membership Problem
- From: Ace Fekay [MVP]
- Group Membership Problem
- Prev by Date: Re: Firewall inside the LAN port help
- Next by Date: Failed to create ShortCut Trust duo to PDC error
- Previous by thread: Re: Group Membership Problem
- Next by thread: Re: Group Membership Problem
- Index(es):
Relevant Pages
|
