| Author |
Message |
Andy
Guest
|
 Posted:
Tue Jan 18, 2005 11:41 pm Post subject:
Trust Relationship not Trusting 1 server?! Please help |
|
|
Hi,
We have a NT Domain and an AD in place with a 2 way trust between them
In the NT domain we have 3 NT DC's
In the AD we have a 2003 DC and a 2000 DC
Here is the issue
from any of the NT DC's I can browse straight to the C$, D$ etc shares of
the 2003 DC in the AD, without supplying Credentials of any kind.
From any of the NT DC's when trying to browse to the same shares on the 2000
AD DC I get prompted for authentication.
This was not happening when it was a member server, only after I promoted it
to an AD controller.
The only thing I can note was that before it was a Controller it's local
admin group had the NT Domain admins as members. Now that it is a controller
and the local groups cease to be accessible as it is managed by Group Policy
could this have anything to do with it??
Any help greatly apprectiated as this has been a real thorn in my side.
Thanks
Andy |
|
| Back to top |
|
 |
Phillip Windell
Guest
|
| Posted:
Wed Jan 19, 2005 12:01 am Post subject:
Re: Trust Relationship not Trusting 1 server?! Please help |
|
|
"Andy" <Andy@discussions.microsoft.com> wrote in message
news:2424B001-EA9A-4F7C-91B3-E250F623FF37@microsoft.com...
| Quote: | The only thing I can note was that before it was a Controller it's local
admin group had the NT Domain admins as members. Now that it is a
controller
and the local groups cease to be accessible as it is managed by Group
Policy
could this have anything to do with it??
|
Group Policy does not replace Groups. The Groups are still there. The local
Administrators Group is in the AD folder called "Builtin". The Domain
Admins group from the NT Domain must be added to it. Give it time to
replicate once the change is made.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com |
|
| Back to top |
|
|
Andy
Guest
|
| Posted:
Wed Jan 19, 2005 4:39 pm Post subject:
Re: Trust Relationship not Trusting 1 server?! Please help |
|
|
Hi Phillip,
Thanks for your reply, the NT Domain groups were already in the
adminstrators builtin group. I think I have tracked the problem down as the
machine account for the 2000 AD DC, I have used the NETDOM RESETPWD utilty
and this appears (fingers crossed!) to have resolved the problem.
Thanks again
Andy
"Phillip Windell" wrote:
| Quote: |
"Andy" <Andy@discussions.microsoft.com> wrote in message
news:2424B001-EA9A-4F7C-91B3-E250F623FF37@microsoft.com...
The only thing I can note was that before it was a Controller it's local
admin group had the NT Domain admins as members. Now that it is a
controller
and the local groups cease to be accessible as it is managed by Group
Policy
could this have anything to do with it??
Group Policy does not replace Groups. The Groups are still there. The local
Administrators Group is in the AD folder called "Builtin". The Domain
Admins group from the NT Domain must be added to it. Give it time to
replicate once the change is made.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in