Re: Filtered Sid

---

• From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
• Date: Thu, 19 Jun 2008 21:53:18 +0200

---

to do you have the event in question? every info from it (ID, source, description, etc)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeff Courteau" <JeffCourteau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7A5AC91F-B779-464F-8F35-A4AE0D0D0986@xxxxxxxxxxxxxxxx

The security log on the 2008 file server. However, if the file server is a
Windows server 2003 member of my 2008 domain, there is no problem at all...

Thanks!

Jeff Courteau



"Jorge de Almeida Pinto [MVP - DS]" wrote:

>>>The security log says that a SID has been filtered.

which security log? (which DC?, 2003 or 2008?)
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeff Courteau" <Jeff Courteau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25DF7EB9-9C81-4913-8A2B-404BD5032562@xxxxxxxxxxxxxxxx
> Hi there,
>
> We just created a forest trust relationship between an AD2003 domain > and
> an
> AD2008 domain. We are experiencing a really wierd issue. Here it is:
>
> A user from the 2003 domain needs to have a permission to access a > shared
> folder on a member server of the 2008 domain. If we put the 2003 domain
> user
> in a 2008 local domain group and then give the permission to this group > to
> access the folder on the 2008 member server, it fails. The security log
> says
> that a SID has been filtered.
>
> If we explicitly give the permission to the same user on the same > folder,
> it
> is successful.
>
> If we put the 2003 user in a 2003 domain universal group, then put that
> universal group in the 2008 local domain group then give permission to > the
> local domain group on the 2008 file server, it still fails, and gives > the
> same security event.
>
> If we promote our 2008 file server as a DC, it starts to work. If we
> demote
> it back as a file server, it continues to work.
>
> - I compared ALL the local and domain policies, and everything seems > fine.
> - I made sure that SID filtering is disabled on the trust relationship
> (anyway, it shouldn't be a concern, since it is a forest trust)
> - I made sure SID History is enabled on the trust relationship (but > this
> too
> shouldn't be a concern since the user has not been migrated)
>
> What could I do next to troubleshoot this issue?

.

---

• Follow-Ups:
  • Re: Filtered Sid
    • From: Jeff Courteau

• References:
  • Re: Filtered Sid
    • From: Jorge de Almeida Pinto [MVP - DS]
  • Re: Filtered Sid
    • From: Jeff Courteau

• Prev by Date: Re: Unable to create AD objects...
• Next by Date: Re: Duplication of active directory environment?
• Previous by thread: Re: Filtered Sid
• Next by thread: Re: Filtered Sid
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Filtered Sid ... A user from the 2003 domain needs to have a permission to access a shared ... in a 2008 local domain group and then give the permission to this group to ... If we promote our 2008 file server as a DC, ... I made sure that SID filtering is disabled on the trust relationship ... (microsoft.public.windows.server.active_directory) Re: Filtered Sid ... The security log on the 2008 file server. ... Windows server 2003 member of my 2008 domain, there is no problem at all... ... in a 2008 local domain group and then give the permission to this group to ... (microsoft.public.windows.server.active_directory) Re: File server migration from Server 2000 cluster to server 2003 clus ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... to a server 2003 cluster file server. ... I did not set up DFS and I dont know if I can use the File Server Migration ... (microsoft.public.windows.server.migration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2008-06