My domain consists of 3 Windows 2000 domain controllers, 1 NT 4.0 member server acting as an Exchange 5.5 server and 10 other Windows 2000 member servers. The domain was recently upgraded from an NT 4.0 domain. Even though I am not running any NT BDC's I am still running in Mixed mode. Will be making the change soon. Just wanted to make sure everything is running fine w/ the 2000 domain.
Only minor Issue I am seeing relates to file / folder permissions at the server level. Once and a while if I look at the properties of a file or folder, and goto the security tab, I may see 1 or 2 SID's (along with Domain users and domain groups) Are these SIDs that are not being removed when accounts are removed from the domain? (Employee quits / get fired, his account is removed) My thought is that the SID is associated with the folder or file, but when it looks to active directory to resolve the sid to an account / group name, it cannot be found. Am I correct? Has anyone seen this before.