RE: Problem with NT4 domain trusting W2003 domain
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Wed, 20 Jul 2005 10:47:38 GMT
Hi Franz,
Thank you for posting here.
I have tested your issue on my side. I have performed the steps as you
said: a one-way trust, using different passwords for "NT4Domain\administrator"
and "W2K3domain\administrator". But I can still select the Windows 2003
domain in the NT4 ACL Editor. So I'd like to give some suggestions as below:
1. For your situation, I'd like to suggest you re-create the one-way trust
relationship to see the efforts. Please follow the article below to
confirm that the trust relationship is configured successfully.
325874 How to establish trusts with a Windows NT-based domain in Windows Server
http://support.microsoft.com/?id=325874
Furthermore, you may try to establish a two-way trust to see if this issue
happens again.
2. Because Windows 2003 enhanced system security, I suspect there may be a
group policy that denies the NT4 authentication to get the list of users/groups.
So please help me confirm whether you can access resources on the Windows
2003 server from the Windows NT server with the same user. If you also cannot
access the resources, I'd like to suggest you check the Group Policy on the
Windows 2003 side. Please run "gpresult -z >gplog.txt" and send me the log. I'll
try to perform research on it.
Best regards,
Vincent Xu
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
--------------------
| From: "Franz Schenk" <franz.schenkNOSPAM@xxxxxxxxxxxxxxxx>
| Subject: Problem with NT4 domain trusting W2003 domain
| Date: Tue, 19 Jul 2005 17:08:24 +0200
| Newsgroups: microsoft.public.windows.server.migration
|
| Have established a one-way external trust from an NT4 resource domain
| trusting a Windows 2003 domain. Trust built successfully and trust
| validation is ok.
|
| The problem is that when granting users of the Windows 2003 domain NTFS
| permissions on files on the NT4 server, it's not possible to browse the
| users/groups of the Windows 2003 domain. When selecting the Windows 2003
| domain in the NT4 ACL Editor and select the Windows 2003 domain, there is
| an "access denied" error message. But granting NTFS permissions by exactly
| specifying the Windows 2003 domain\username works fine.
|
| Have then enabled failure auditing in the Windows 2003 DC and found that
| the NT4 server tries to authenticate with the "NT4Domain\administrator"
| account for getting the list of users/groups of the Windows 2003 domain.
|
| Have the "Everyone" object in the "pre-windows 2000 compatible" group in
| the Windows 2003 domain.
|
| When specifying the same password to the "Windows2003-domain\administrator"
| as to the "NT4domain\administrator", the problem does not occur and
| browsing the Windows 2003 domain in the NT4 ACL Editor works fine, but
| this is not a permanent solution for us.
|
| Any advice?
| Thanks in advance for any help!
|
| Franz