RE: Sid instead of user friendly names
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Tue, 16 Jan 2007 08:08:17 GMT
Hi,
I suspect: Policies on the Windows Server 2003 did not allow Anonymous SID
Enumeration and Windows Server 2003 by default when tries to contact a
Windows 2000 Domain through an external trust will try to use Anonymous SID
Enumeration.
There are two alternatives:
1. To lower the policies to allow SID enumeration:
Network access: Allow anonymous SID/Name translation ENABLED
Network access: Do not allow anonymous enumeration of SAM accounts
DISABLED
Network access: Do not allow anonymous enumeration of SAM accounts and
shares
DISABLED
Network access: Let Everyone permissions apply to anonymous users ENABLED
Network access: Named pipes can be accessed anonymously ENABLED
Network access: Restrict anonymous access to Named Pipes and shares
DISABLED
2. To upgrade the Windows 2000 domain to Windows Server 2003, then raise
the
functional levels of both forests to Windows Server 2003 and create a
Forest trust.
Hope this helps.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
03:56:33 GMT)From: activedirtech@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.migration
Subject: Sid instead of user friendly names
Date: 15 Jan 2007 19:56:26 -0800
Organization: http://groups.google.com
Lines: 12
Message-ID: <1168919786.620274.53100@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 72.194.90.242
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1168919793 12675 127.0.0.1 (16 Jan 2007
rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1,gzip(gfe),gzip(gfe)X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Tue, 16 Jan 2007 03:56:33 +0000 (UTC)
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!msrtrans!Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: a75g2000cwd.googlegroups.com; posting-host=72.194.90.242;
posting-account=8LC-oA0AAAD9gScOSwP0krJt0SyG7kkp
Path:
news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com!a75g2000
cwd.googlegroups.com!not-for-mail
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.migration:301
X-Tomcat-NG: microsoft.public.windows.server.migration
I have 4 dc 2 in new domain and 2 in old domain. These domains have 2
way trust and you are able to map to a drive access admin shares in
both domains. But when i try to allocate a resource to the incoming
domain. It accepts it as the user friendly name but when you save it
comes up as the sid. I get the user friendly name when i do it on the
flip side. Please help. The error i am getting is "some of the object
names cannot be shown in their user friendly form, this can happen if
the object is from an external domain and that domain is not available
to translate the object name.
Thanks
.
- References:
- Sid instead of user friendly names
- From: activedirtech
- Sid instead of user friendly names
- Prev by Date: RE: Windows 2003 Sids instad of user friendly names
- Next by Date: RE: Post ADMT Tasks & Pre-Windows 2000 group
- Previous by thread: Sid instead of user friendly names
- Next by thread: Windows 2003 Sids instad of user friendly names
- Index(es):
Relevant Pages
|
