RE: Adding AD Account to NT Global

From: Jack Wang [MSFT] (jackwa_at_online.microsoft.com)
Date: 01/25/05

Next message: Rebecca Chen [MSFT]: "RE: I desperately need reccerts.exe can someone help?"
Previous message: Richard Hall: "RE: Migrating W2k3 to new W2k3 Domain"
In reply to: TagaR: "RE: Adding AD Account to NT Global"
Next in thread: TagaR: "RE: Adding AD Account to NT Global"
Reply: TagaR: "RE: Adding AD Account to NT Global"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 25 Jan 2005 08:59:46 GMT

Thank you for the update. If I am correct, you would like to set
permissions for some accounts in the Windows Server 2003 domain from a
member server in the Windows NT domain. If so, I suggest you use the
following method.

1. Create a group in the Windows Server 2003 domain and add the accounts to
it.

2. On the member server of the Windows NT domain, use the group of the
Windows Server 2003 domain directly to set permissions. Since you have
created two-way trusts, you should have the option to do so.

If I have misunderstood your concern, please let me know your goal in
detail. As for the pes file, you need to recreate it since the target
domain is changed.

Hope this helps!

Sincerely,
Jack Wang, MCSE 2000/2003, MCSA 2000/2003, MCDBA, MCSD
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Adding AD Account to NT Global
| thread-index: AcUCQFg1xst9gSx+SFicG1mysxSoaw==
| X-WBNR-Posting-Host: 208.181.95.110
| From: "=?Utf-8?B?VGFnYVI=?=" <TagaR@discussions.microsoft.com>
| References: <B843756D-03A3-4A60-B6EE-41E1C48AFF19@microsoft.com>
<1DiF0OeAFHA.644@cpmsftngxa10.phx.gbl>
| Subject: RE: Adding AD Account to NT Global
| Date: Mon, 24 Jan 2005 10:13:03 -0800
| Lines: 35
| Message-ID: <3AF402DF-D52E-44F4-B987-D0E2E57EC781@microsoft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.migration
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
| Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.migration:16780
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| Hi Jack,
|
| Thanks for your reply. I have follow-up questions below.
|
| "Jack Wang [MSFT]" wrote:
|
| > Hi
| >
| > Thank you for posting!
| >
| > Please refer to the following information for your questions.
| >
| > 1. You may add an account or group from Windows Server 2003 domain to a
| > local group in the NT4 domoain. The global group can be added in a
group of
| > the Windows Server 2003 domain. Local group in NT4 domain is used to
add
| > accounts from other domains while global group is used to be added in
other
| > domains.
|
| The local group in NT is only accessible within the controllers and can't
be
| assign permission to resources on member servers that's why they are in
| global. I can assign them to w2k3 local group only but not to a global or
an
| account. I guess if this is the case, I don't have a way around it? The
| global groups we have are used to assign permissions to ERP users.
|
| > 3. There is no difference to migrate users from NT4 domain to a child
| > domain except that the user accounts will be created in the child
domain's
| > AD database. However, if you have migrated the users to the Windows
Server
| > 2003 root domain, it's not neccessory to do it again.
|
| I have already done some successful migrations from nt4 to w2k3 root
domain.
| And I need to migrate some of the accounts from nt4 to child domain.
SHould I
| create again a pes file from my child domain target and install it to the
nt4
| source domain?
|
|
|

Next message: Rebecca Chen [MSFT]: "RE: I desperately need reccerts.exe can someone help?"
Previous message: Richard Hall: "RE: Migrating W2k3 to new W2k3 Domain"
In reply to: TagaR: "RE: Adding AD Account to NT Global"
Next in thread: TagaR: "RE: Adding AD Account to NT Global"
Reply: TagaR: "RE: Adding AD Account to NT Global"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: What server hardening are you doing these days?
... > permeates all things windows. ... > an NT box by denying LocalSystem permissions to certain files. ... remove user accounts, access raw block devices, etc. ...
(Focus-Microsoft)
Re: File/directory permissions
... although you have Windows 2000 you may be interested ... to know that Windows Server 2003 can now show the behavior you are ... coming from a Netware background). ... >> projects will have the right permissions by default. ...
(microsoft.public.win2000.security)
Re: NT4 to W2K3 Migration
... Windows 2k3 domain automatically after you migrate computers successfully. ... Windows Server 2003 Active Directory Domain Rename Tools ... If we migrate all the computer accounts and user accounts in NT ... |> to the new child domain successfully, it needs not to rejoin the all the ...
(microsoft.public.windows.server.migration)
Re: Install Permission
... All of our accounts are Windows NT 4.0 Domain accounts; ... applications is to either make them Domain Admins or to add their Domain accounts to the local Administrators group on their ... Set, View, Change, or Remove Special Permissions for Files and Folders in Windows XP ...
(microsoft.public.windowsxp.security_admin)
Re: event viewer
... Why even bother with regedt32 in XP? ... [[In Windows XP and Windows Server 2003, ... > Check to see if the Local System has read permissions ...
(microsoft.public.windowsxp.configuration_manage)