Re: SID filter between a W2k and a W2k Domain
- From: "Thorsten" <fussi@xxxxxx>
- Date: Tue, 23 Sep 2008 08:48:15 +0200
Hello Meinolf,
I created a W2k test domain this morning and set up a trust between the W2k
and the W2k3 domain. Now I have a W2k domain with two trusts, one with a
W2k3 and one with a W2k8 domain. Both trusts are unidirectional trusts from the
W2k domain outside.
Now I used the command "netdom trust <trusting domain> /domain:<trusted domain> /FilterSIDs:no"
for the W2k3 domain and the command executed
successfully. Then I tested it with the W2k8 domain; the result of the
command was "Access denied".
I think something is different on the W2k8 DC. The firewall on the W2k8 DC is
disabled for the domain profile.
What could I test to solve the problem?
Kind regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667cb48caeae1590e5a30@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
RESDOM is resource domain and ACCDOM the other one. Check out this article
about the needed rights for enabling and also disabling SID filtering in
the domain:
http://technet.microsoft.com/en-us/library/cc773319.aspx
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
sorry, I used this parameter "FilterSIDs:no", because this netdom version
did not understand the other parameter. But what should I say: I got the
message "Access denied".
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667ca78caeade5c97d670@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
For Windows 2000 use this example (the RESDOM domain is filtering the
ACCDOM domain):
Check out this one to disable SID filtering:
netdom trust RESDOM /D:ACCDOM /UD:ACCDOM\Administrator /PD:adminpwd /UO:RESDOM\Administrator /PO:adminpwd /filtersids:no
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I got an error message that a procedure is wrong in the kernel32.dll. I could
not/should not replace the dll, or not? ;-)
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667c938caead907d44290@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
Try out the 2003 tools:
http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
I found this article this morning, too.
I have done all the points from Akila except Point 5. I had
only a one-way trust from the W2k to the W2k8 domain. Now I have
changed the configuration and I have a bidirectional trust between
the domains. In Point 6 of the posting I should disable the SID
filter, but this does not work in my environment.
I found a posting that it could be the netdom version on the W2k
DC, but the netdom version from the W2k8 does not work on the W2k
DC.
Kind regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667c7a8caead43f346260@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
Have a look on this posting if you are using ADMT or NetIQ DMA
and Quest Migration Manager tools:
http://www.petri.co.il/forums/showthread.php?t=26101
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
I got an "Access denied".
If I insert a wrong password I get the message "password wrong".
The user has Domain/Enterprise Admin rights. The DNS settings are
correct; I can do an nslookup for the destination domain on the source
domain.
Best regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb667c6e8caeacdc99a1690@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
What output comes with this command:
Netdom TRUST trustingdomain /domain:TRUSTEDDOMAIN /quarantine:no /usero:useraccount /passwordo:password
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,
We are planning to do an inter-forest user and group migration.
Now we have a trust between the W2k and the W2k8 domain. The
SID filter on the W2k domain is enabled, and if we use the
command "Netdom TRUST <TrustingDomain> /domain:<TrustedDomain> /FilterSIDs:No /userD:<domainadminAcct> /passwordD:<domainadminpwd>",
we get an "Access Denied". The
users on both domains are Domain/Enterprise Admins. How can
we disable the SID filter between a W2k and a W2k8
inter-forest trust?
Thanks.
Thorsten