Re: SID filter between a W2k and a W2k Domain
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Tue, 23 Sep 2008 07:45:14 +0000 (UTC)
Hello Thorsten,
Just to make sure that it isn't the firewall disable it completely for a test.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,domain>> /FilterSIDs:no" for the W2k3 domain and the command execute
I created a W2k Test Domain this morning and I did a trust between the
W2k and the W2k3 domain. Now I have a W2k domain with two trusts, one
with a W2k3 and one with a W2k8 domain. Both trust a unidirectional
trust form the W2k domain outside.
Now I used the command "netdom trust <trusting domain>
/domain:<trusted
domain>>
successfully. Then I tested it with the W2k8 domain, the result of the
command was "Access denied".
I think something ist other on the W2k8 DC. The firewall on the W2k8
DC ist for the domain profile disabled.
What could I test to solve the problem?
kind regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb667cb48caeae1590e5a30@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
RESDOM is resource domain and ACCDOM the other one. Check out this
article
about the needed rights for enabling and also disabling SID filtering
in
the domain:
http://technet.microsoft.com/en-us/library/cc773319.aspx
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
sorry, I used this parameter "FilterSIDs:no", because this netdom
version
did not understand the other parameter. But what should I say: I got
the
message "Access denied".
"Meinolf Weber" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb667ca78caeade5c97d670@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
For Windows 2000 use this example (the RESDOM domain is filtering
the
ACCDOM domain):
Check out this one to disable SID filtering: netdom trust RESDOM
/D:ACCDOM
/UD:ACCDOM\Administrator /PD:adminpwd /UO:RESDOM\Administrator
/PO:adminpwd /filtersids:no
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
I got a error meesage that a procedure is wrong on the
kernel32.dll.
I
could
not/should not replace the dll, or not? ;-)
"Meinolf Weber" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb667c938caead907d44290@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
Try out the 2003 tools:
http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-a
bd
1-
981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
I found this acrticle this morning, too.
I had have do all Points from Akila without the Point 5. I had
only a one way trust from the W2k to the W2k8 Domain. Now I have
changed the configuration and I have a bidirectional trust
between the domains. On the Point 6 of the Posting I should
diable the SID Filter, but this does not work at my environment.
I found a posting that it could be the netdom version on the W2k
DC, but the netdom version from the W2k8 does not work on the
W2k DC.
Kind regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb667c7a8caead43f346260@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
Have a look on this posting if you are using ADMT or NetIQ DMA
and Quest Migration Manager tools:
http://www.petri.co.il/forums/showthread.php?t=26101
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hello Meinolf,
I got a "Access denied"
If I insert a wrong password I got the message "password
wrong"
The
user has Domain/Enterprise Adminrights. The DNS settings are
correct,
I can make a nslookup for the destination domain on the source
domain.
Best regards
Thorsten
"Meinolf Weber" <meiweb(nospam)@gmx.de> schrieb im Newsbeitrag
news:ff16fb667c6e8caeacdc99a1690@xxxxxxxxxxxxxxxxxxxxxxx
Hello Thorsten,
What output comes with this command:
Netdom TRUST trustingdomain /domain:TRUSTEDDOMAIN
/quarantine:no /usero:useraccount/passwordo:password
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no
warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!
http://www.blakjak.demon.co.uk/mul_crss.htm
Hello,
We are planning to do inter-forest users and group
migration. Now we have a trust between the W2k and the W2k8
Domain. The SID Filter on the W2k Domain ist eneabled and if
we use the comannd "Netdom TRUST <TrustingDomain>
/domain:<TrustedDomain> /FilterSIDs:No
/userD:<domainadminAcct> /passwordD:<domainadminpwd>", we
got a "Access Denied". The user on both Domains are Domain-
/Enterprise Admins. How can we disable the SID-filter
between a W2k and a W2k8 inter-forest trust?
Thanks.
Thorsten
.
- Follow-Ups:
- Re: SID filter between a W2k and a W2k Domain
- From: Thorsten
- Re: SID filter between a W2k and a W2k Domain
- References:
- Re: SID filter between a W2k and a W2k Domain
- From: Thorsten
- Re: SID filter between a W2k and a W2k Domain
- Prev by Date: Re: SID filter between a W2k and a W2k Domain
- Next by Date: Re: SID filter between a W2k and a W2k Domain
- Previous by thread: Re: SID filter between a W2k and a W2k Domain
- Next by thread: Re: SID filter between a W2k and a W2k Domain
- Index(es):
Relevant Pages
|
