Solved

NTFS groups fault on 2003? Domain local groups. Global groups

Posted on 2004-10-08
Last Modified: 2006-11-17
Hi all
I have robocopied all the file share from a Win 2000 DC onto a member 2003 server in the same domain.

Users report no access to some folders. I check the folders and see nothing wrong with the NTFS groups. I then check to re-add the group onto the NTFS through the AD advanced search option, but the group is not coming up in the search list.

I create a new local group and it still does not turn up in advanced search list.
I create a global group and it comes up in advanced search.
2000 mixed mode, I thought, is not supposed to have an effect on the local groups.
The strange thing is some local groups are working and some are not.
I don't want to recreate all the groups into global, it would take me all day.
We don't intend to be moving up from 2000 mixed mode for a while. I need the local groups working now.
Regards
Chillinlong
Question by:chillinlong

Expert Comment

by:rhandels
Hi,

Did you make sure the share permissions are set? Also, is the 2003 server part of the domain? Do you see any difference between the local groups you created? Are they placed in specified OUs or things like that?

Author Comment

by:chillinlong
Yeah 2003 in same domain.

No difference, the local groups I create are not visible in advanced search options.

They are placed in users OU.

Expert Comment

by:rhandels
And I guess they are all placed within the same OU... If you check the properties of the local groups, do you see some strange things on the groups that are not there? Maybe the display name is different than their pre-Windows 2000 name? Try renaming the local group (one you cannot find) and see what happens...

Author Comment

by:chillinlong
Hmm, a good idea to try out though. I will try it out and update you on that.

I am able to see the groups in the AD user object. But when I go to the file share on the 2003 and select NTFS permissions add or remove, then select the advanced option to find the AD user object, some local groups do not appear, but all domain global groups do appear and user objects do appear.

I have read an MS fault before in regards to the SID update after moving files from a DC onto a member server in a 2000 domain. But that was specified for cross domain file transfers.

Expert Comment

by:rhandels
Hi,

Indeed, if you do a cross domain transfer, the groups and users get new SIDs. Normally you should be able to see these groups, even if you transfer files. What happens if you create a new folder?

Also some thoughts on it. Are all of those groups security groups? Or are some of them distribution groups? If these, the ones you can't see, are distrib groups, it could also cause this problem.

Author Comment

by:chillinlong
Yep they are all security groups. How do you mean what happens when you create a new folder?


Expert Comment

by:rhandels
If you create a new folder and try to set permissions, do you see the local groups then?

Author Comment

by:chillinlong
Once I have created a new folder, you have the option of adding users, groups and computers, and I press Add, then I select the advanced option to open the AD search utility to search for the groups.

Some local groups come up and some don't. But global groups come up all the time.

I am thinking of making the 2003 a DC to see if this resolves. But there is an NT4 domain controller therefore I cannot promote it just yet.

Expert Comment

by:rhandels
Hi,
If this is a 2000 domain, make sure to do an adprep /forestprep and an adprep /domainprep (adprep is on the 2003 CD in the i386 folder). After that, you can make the 2003 machine a DC. If you make sure the domain is in 2000 mixed mode, you can leave the NT machine as a DC...

Author Comment

by:chillinlong
I solved the problem myself, thanks.

It was promoting the DC in the end that was the problem.
Microsoft have documented a problem like this, as the link below states:

http://support.microsoft.com/default.aspx?kbid=320230


Expert Comment

by:rhandels
Agree

Accepted Solution

by:ee_ai_construct
Question answered by asker or dialog valuable.
Closed, 200 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin