Re: Weird post ADMT Problem....accesing old file shares.

Tech-Archive recommends: Speed Up your PC by fixing your registry

Colin,
Any chance you have conflicting permissions (Access Denied) assigned to the
user from DomainA (or one of the groups this user is a member of) on your
existing shares?

hth
Marcin

<colin.laurie@xxxxxxxxxxxxxx> wrote in message
news:d358e9f5-4ede-4378-9275-eb73f82fe1f7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All.

I have two 2003 domains with an external trust. That has been in place
for some time. All fine.

I have domain A (target) and domain B (source). I am starting to test
migrating groups from domain B to A.

I have used ADMT with SID History enabled to migrate groups from B to
A. This seems to have worked fine.

Some of the groups from Domain B (source) have NTFS permissions
assigned on file shares on that domain, domain B.

As my groups that i have migrated from domain B now exist in the
target Domain A, i should therfore be able to add users from Domain A
to the migrated group from Domain B - This will allow me to continue
to access a file share resource in Domain B.

To test this i log on to a computer in Domain A and try to access a
file share in Domain B. The logon account is a member of the correct
group. The result is that this wil fail, with an access denied error.
However if i create a new share (instead of using an existing share)
and permission it corectly i can access this share.

So, to summarise it seems that the SID history is only wortking when
attempting to connect to a newly created folder/share but for some
reason not on existing/older folders.

I am totally stumped with this one.

Any suggestion will be appreciated, thanks in advance!

Colin.


.

Relevant Pages

  • Re: Changing groups
    ... pleaderb, sue, frank, ed are members of group projectb ... Everyone is a member of group user. ... depending on the file's permissions they can read and write the ... I do this all the time, using Samba. ...
    (Debian-User)
  • Re: Outside Users RDP into WS2008???
    ... Name it DL-Consultants ... Assign permissions on a resource to domain local group '. ... add any user account belonging to your consultants to become member of G-Consultants group. ... End disconnected session: ...
    (microsoft.public.windows.server.general)
  • Re: How to remove a user from a mail group (Tried to search...)
    ... If you're using Distribution Groups, these cannot show up in any ACLs ... If it is a Security Group, you'll need to figure out the what different ... resources the group could have permissions on. ... I go to "member of" tab. ...
    (microsoft.public.exchange.admin)
  • Re: How to use a Group Distribution list inorder to send and received messages
    ... In the Permissions list, locate Send As, and then click to select the ... permission of the user account that is a member of one of administrative ... groups will be reset to match the ACL of the AdminSDHolder thread. ... Directory domain controller that holds the primary domain controller ...
    (microsoft.public.exchange.admin)
  • Re: How to use a Group Distribution list inorder to send and received messages
    ... In the Permissions list, locate Send As, and then click to select the ... permission of the user account that is a member of one of administrative ... groups will be reset to match the ACL of the AdminSDHolder thread. ... Directory domain controller that holds the primary domain controller ...
    (microsoft.public.exchange.admin)