Solved

NTFS groups fault on 2003? Domain local groups. Global groups

Posted on 2004-10-08
13
236 Views
Last Modified: 2006-11-17
Hi all
I have robocopied all the file share from a Win 2000 DC onto a member 2003 server in the same domain.

Users report no access to some folders. I check the folders and see nothing wrong with the NTFS groups. I then check to readd the group onto the NTFS through AD advanced search option, the group is not coming up in the search list.

I create a new local group and it still does not turn up in advanced search list.
I create a global group and it comes up in advanced search.
2000 mixed mode I thought is not supposed to have effect on the local groups.
The strange thing is some local groups are working and some are not.
I dont want to recreate all the groups into global, take me all day.
We dont intend to be moving up from 2000 mixed mode for a while. I need the local groups working now
Regards
Chillinlong
0
Comment
Question by:chillinlong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
13 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12257703
Hi,

Did you make sure the share permissions are set?? Also, is the 2003 server part of the domain?? Do you see any difference between the Local Groups you created?? Are they placed in specified OU's or thing like that??
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12258641
Yeah 2003 in same domain.

No difference, the local groups I create are not visible in advanced search options.

They are placed in users OU.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12259437
And i guess they are all placed within the same OU... If yu check the properties of the Local Groups, do you see some strange things of the groups that are not there?? Maybe the display name is different than there Pre Windows 2000 name?? Try renaming the Local group (one you cannot find) and see what happens....
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:chillinlong
ID: 12259829
hmm, a good idea to try out though. I will try it out and update you on that.

I am able to see the groups in AD user object. But when I go to the file share on the 2003 and select NTFS permissions add or remove, then select advanced option to find the AD user object. Some local groups does not appear but all domain global groups do appear and user objects do appear.

I have read an MS fault before in regards to the SID update after moving files from a DC onto a member server in a 2000 domain. But that was specified for cross domain file transfers.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12261796
Hi,

Indeed, if you do a cross domain transfer, the groups and users get new SID's. Normally you should be able to see these groups, even if you transfer files. What happens if you create a new folder???

Also some thoughts on it. Are all of those groups security groups??? Or are some of them distribution groups?? If these, the ones you cant see, are distrib groups, it could also cause this problem..
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12264174
Yep they are all security groups. How do you mean what happens when you create a new folder?

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12265297
If you create a new folder and try to set permissions, do you see the Local Groups then???
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12265852
Once created a new folder you have the option off adding users, groups and computers and I press add then I select advanced option to open the AD search utility to search for the groups.

Some local groups come up and some dont. But global groups come up all the time.

I am thinking of making the 2003 a DC to see if this resolves. But there is an NT4 domain controller therefore I cannot promote it just yet.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12270192
Hi,
If this is a 2000 domain, make sure to do a adprep /forestprep and a adprep /domainprep (adprep is on the 2003 cd in the i386 folder). After that, you can make the 2003 machine a DC. If you make sure the domain is in 2000 Mixed mode, you can leave the NT machine as a DC...
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12272986
I solved the problem myself thanks.

It was promoting the DC in the end that was the problem.
Microsoft have documented a problem like this as the link states below:

http://support.microsoft.com/default.aspx?kbid=320230

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12274151
Agree
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12305174
Question answered by asker or dialog valuable.
Closed, 200 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question