Re: VPN Server - AD users OK - NT Users not OK

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
Date: Wed, 16 Jul 2008 09:41:56 -0500

"Robert Nafty" <rob_nafty_spam@xxxxxxxxxxxxx> wrote in message
news:%233Q8ARs5IHA.2260@xxxxxxxxxxxxxxxxxxxxxxx

Hi,
We have two domains.
Domain A is Active Directory. Most users and servers are here. The VPN
server is here.
We have an old domain (Domain B) which is NT. It has some users on still.
Trusts are in place etc. The domains have ran together for years and don't
have any other problems.

I can't prove it,..but I dont' think it will work unless you have one VPN
Server in each domain with each handling the users from that domain. The
"dialup" rights toggle is directly in the properties of the user account
itself (can't be set by Groups) and I don't know that this will be
aknowledged over the Trust.

But I could be wrong here.

What you really need to do is migrate all the users to the AD Domain. The
Trusts will still let the Domains interact share resources with each
other,...but keep all the user accounts in the one AD Domain. Once
migrated, remove the user accounts from the NT Domain to avoid confusion.
The only accounts that should remain are the original built in accounts like
the Administrator.

Research the details before doing it. It will change the way Workstations
on the NT Domain are "logged in" because they will now use the AD Domain on
the third line and the Users profiles might need work. You can break things
unexpectantly if you aren't careful.

The final goal eventually should be to elminate the NT Domain.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

.

References:
- VPN Server - AD users OK - NT Users not OK
  - From: Robert Nafty
- Re: VPN Server - AD users OK - NT Users not OK
  - From: Phillip Windell
- Re: VPN Server - AD users OK - NT Users not OK
  - From: Robert Nafty

Prev by Date: Increase the DNSCache with Windows 2003
Next by Date: Re: Application Hang
Previous by thread: Re: VPN Server - AD users OK - NT Users not OK
Next by thread: Multiple NICs connected to the internet (not load balancing)
Index(es):
- Date
- Thread

Relevant Pages

Re: SBS 2000 install problems (need to reinstall from scratch)
... I am NOT wanting to keep all of Active Directory. ... corrupt the new install. ... have any problem with recreating the user accounts at this point. ... >> I am familiar with the Active Directory replication from one server to ...
(microsoft.public.backoffice.smallbiz2000)
Re: follow-up: need advice for installing VPN on Windows Server 2003
... You can setup VPN using just one NIC. ... the error message is some things to do with AD. ... Server Setup Wizard", I selected the "Custom Configuration" option. ... to access "Active Directory", ...
(microsoft.public.windows.server.networking)
Re: Remove Ghost DC from AD
... > This worked just fine but now the problem is that in the ACtive Directory ... > Users and Computers, in the Domain Controllers container, there's still ... > We've tried to delete the server from the list and it gives the following ... > We even changed the GPSO to allow: "Enable computer and user accounts to ...
(microsoft.public.windows.server.active_directory)
Re: follow-up: need advice for installing VPN on Windows Server 2003
... Is the VPN server also DC? ... Active Directory Federation Services ... IIS & AD or Domain Controller? ...
(microsoft.public.windows.server.networking)
SBS Setup Error: An error occurred while creating user accounts...
... At the end of the SBS Setup, I get the error: ... creating user accounts. ... create a test user to verify that Active Directory is running. ... I'm then prompted to restart the server, but it doesn't think it has finished ...
(microsoft.public.windows.server.sbs)