Apply Domain Local Groups on Member Servers

I have a problem that I just discovered.  It seems that I am unable to apply permissions for any Domain Local Groups on any of my member servers?  I can apply fine on the domain controllers but not on any member server... is there something special I need to to to allow domain local groups to be applied on the member servers?

If I was not clear I am trying to apply security to directories/files.

Thank you for your help.

Austin Henderson
LVL 1
NTGuru705Asked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
Since you can't demote an NT4 BDC (there's a 3rd party tool out there someplace that claims to be able to do this, but I wouldn't trust it, especially if there's Exchange running on it as well), your only chance would be to upgrade this machine to W2k as well, but I wouldn't consider that "without problems".
I'd recommend for the time being to do it the old fashioned way, assigning permissions to local groups on the member servers to which you add the appropriate global groups.
0
 
oBdACommented:
Your domain is probably still running in mixed mode. For domain local groups to be available on member servers, you'll need to switch your domain to native mode, otherwise they'll behave like local groups on NT4 DCs.
As long as you don't have any leftover NT4 BDCs or plan to add NT4 BDCs, you should be able to switch over without problems.

Members of a Domain Local Group Are Not Granted Rights
http://support.microsoft.com/?kbid=260534

Modes Supported by Windows 2000 Domain Controllers
http://support.microsoft.com/?kbid=186153

Group Type and Scope Usage in Windows
http://support.microsoft.com/?kbid=231273
0
 
NTGuru705Author Commented:
This is right on..
Here is the problem.. we are running an Exchange 5.5 box that at one time was a BDC (technically still is) for my NT 4 domain that is now mixed mode with three 2K DCs and this NT 4 box.... there is no way for me to go native because of this box is there... ?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
NTGuru705Author Commented:
The problem is I cant do that.  It is a NAS device and the Domain Local groups are on one of my domain controllers... the disk space that I bought is where I need to apply the permissions... and there are a ton of groups that have been created for this purpose. Previously we had no troubles because the disks that these permissions were applied to were ON the DC.. but we are taking that burdon off the DC and putting it on the NAS device... thus my problem has been revealed.

Perhaps my exchange upgrade is quicker that planned.
0
 
NTGuru705Author Commented:
I am looking at using ... UPromote..

http://utools.com/UPromote.asp

Anyone have any experience with this tool.. if it were not for Exchange 5.5 running on this box I would just pull the trigger on this tool but I hesitate because of Exch 5.5 on it.

Thanks
0
 
oBdACommented:
Well, that's exactly the tool I meant, but I don't have any experience with it, sorry; and I guess you found http://utools.com/Exchange.asp already.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.