Solved

NTFS groups fault on 2003? Domain local groups. Global groups

Posted on 2004-10-08
13
232 Views
Last Modified: 2006-11-17
Hi all
I have robocopied all the file share from a Win 2000 DC onto a member 2003 server in the same domain.

Users report no access to some folders. I check the folders and see nothing wrong with the NTFS groups. I then check to readd the group onto the NTFS through AD advanced search option, the group is not coming up in the search list.

I create a new local group and it still does not turn up in advanced search list.
I create a global group and it comes up in advanced search.
2000 mixed mode I thought is not supposed to have effect on the local groups.
The strange thing is some local groups are working and some are not.
I dont want to recreate all the groups into global, take me all day.
We dont intend to be moving up from 2000 mixed mode for a while. I need the local groups working now
Regards
Chillinlong
0
Comment
Question by:chillinlong
  • 6
  • 5
13 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 12257703
Hi,

Did you make sure the share permissions are set?? Also, is the 2003 server part of the domain?? Do you see any difference between the Local Groups you created?? Are they placed in specified OU's or thing like that??
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12258641
Yeah 2003 in same domain.

No difference, the local groups I create are not visible in advanced search options.

They are placed in users OU.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12259437
And i guess they are all placed within the same OU... If yu check the properties of the Local Groups, do you see some strange things of the groups that are not there?? Maybe the display name is different than there Pre Windows 2000 name?? Try renaming the Local group (one you cannot find) and see what happens....
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:chillinlong
ID: 12259829
hmm, a good idea to try out though. I will try it out and update you on that.

I am able to see the groups in AD user object. But when I go to the file share on the 2003 and select NTFS permissions add or remove, then select advanced option to find the AD user object. Some local groups does not appear but all domain global groups do appear and user objects do appear.

I have read an MS fault before in regards to the SID update after moving files from a DC onto a member server in a 2000 domain. But that was specified for cross domain file transfers.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12261796
Hi,

Indeed, if you do a cross domain transfer, the groups and users get new SID's. Normally you should be able to see these groups, even if you transfer files. What happens if you create a new folder???

Also some thoughts on it. Are all of those groups security groups??? Or are some of them distribution groups?? If these, the ones you cant see, are distrib groups, it could also cause this problem..
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12264174
Yep they are all security groups. How do you mean what happens when you create a new folder?

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12265297
If you create a new folder and try to set permissions, do you see the Local Groups then???
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12265852
Once created a new folder you have the option off adding users, groups and computers and I press add then I select advanced option to open the AD search utility to search for the groups.

Some local groups come up and some dont. But global groups come up all the time.

I am thinking of making the 2003 a DC to see if this resolves. But there is an NT4 domain controller therefore I cannot promote it just yet.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 12270192
Hi,
If this is a 2000 domain, make sure to do a adprep /forestprep and a adprep /domainprep (adprep is on the 2003 cd in the i386 folder). After that, you can make the 2003 machine a DC. If you make sure the domain is in 2000 Mixed mode, you can leave the NT machine as a DC...
0
 
LVL 1

Author Comment

by:chillinlong
ID: 12272986
I solved the problem myself thanks.

It was promoting the DC in the end that was the problem.
Microsoft have documented a problem like this as the link states below:

http://support.microsoft.com/default.aspx?kbid=320230

0
 
LVL 23

Expert Comment

by:rhandels
ID: 12274151
Agree
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12305174
Question answered by asker or dialog valuable.
Closed, 200 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question