NTFS groups fault on 2003? Domain local groups. Global groups

Hi all
I have robocopied all the file share from a Win 2000 DC onto a member 2003 server in the same domain.

Users report no access to some folders. I check the folders and see nothing wrong with the NTFS groups. I then check to readd the group onto the NTFS through AD advanced search option, the group is not coming up in the search list.

I create a new local group and it still does not turn up in advanced search list.
I create a global group and it comes up in advanced search.
2000 mixed mode I thought is not supposed to have effect on the local groups.
The strange thing is some local groups are working and some are not.
I dont want to recreate all the groups into global, take me all day.
We dont intend to be moving up from 2000 mixed mode for a while. I need the local groups working now
Regards
Chillinlong
LVL 1
chillinlongAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ee_ai_constructConnect With a Mentor Commented:
Question answered by asker or dialog valuable.
Closed, 200 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0
 
rhandelsCommented:
Hi,

Did you make sure the share permissions are set?? Also, is the 2003 server part of the domain?? Do you see any difference between the Local Groups you created?? Are they placed in specified OU's or thing like that??
0
 
chillinlongAuthor Commented:
Yeah 2003 in same domain.

No difference, the local groups I create are not visible in advanced search options.

They are placed in users OU.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
rhandelsCommented:
And i guess they are all placed within the same OU... If yu check the properties of the Local Groups, do you see some strange things of the groups that are not there?? Maybe the display name is different than there Pre Windows 2000 name?? Try renaming the Local group (one you cannot find) and see what happens....
0
 
chillinlongAuthor Commented:
hmm, a good idea to try out though. I will try it out and update you on that.

I am able to see the groups in AD user object. But when I go to the file share on the 2003 and select NTFS permissions add or remove, then select advanced option to find the AD user object. Some local groups does not appear but all domain global groups do appear and user objects do appear.

I have read an MS fault before in regards to the SID update after moving files from a DC onto a member server in a 2000 domain. But that was specified for cross domain file transfers.
0
 
rhandelsCommented:
Hi,

Indeed, if you do a cross domain transfer, the groups and users get new SID's. Normally you should be able to see these groups, even if you transfer files. What happens if you create a new folder???

Also some thoughts on it. Are all of those groups security groups??? Or are some of them distribution groups?? If these, the ones you cant see, are distrib groups, it could also cause this problem..
0
 
chillinlongAuthor Commented:
Yep they are all security groups. How do you mean what happens when you create a new folder?

0
 
rhandelsCommented:
If you create a new folder and try to set permissions, do you see the Local Groups then???
0
 
chillinlongAuthor Commented:
Once created a new folder you have the option off adding users, groups and computers and I press add then I select advanced option to open the AD search utility to search for the groups.

Some local groups come up and some dont. But global groups come up all the time.

I am thinking of making the 2003 a DC to see if this resolves. But there is an NT4 domain controller therefore I cannot promote it just yet.
0
 
rhandelsCommented:
Hi,
If this is a 2000 domain, make sure to do a adprep /forestprep and a adprep /domainprep (adprep is on the 2003 cd in the i386 folder). After that, you can make the 2003 machine a DC. If you make sure the domain is in 2000 Mixed mode, you can leave the NT machine as a DC...
0
 
chillinlongAuthor Commented:
I solved the problem myself thanks.

It was promoting the DC in the end that was the problem.
Microsoft have documented a problem like this as the link states below:

http://support.microsoft.com/default.aspx?kbid=320230

0
 
rhandelsCommented:
Agree
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.