
  • Status: Solved

Adding Active Directory Users to Local Accounts - partial domain connectivity

I have a strange issue.  I have the computer hooked up to a 2003 AD domain.  It has trust relationships to other domains - one of them NT.  When I look at the users from the user list in Active Directory, I can see all of the users from other domains.  The trust seems to be intact.  But, when I go to add domain users to a local user or group, the 2003 AD domain is not available, but the other trusted domains are available.  Any thoughts?  This is really strange.
1 Solution
awakeningsAuthor Commented:
Question, could a PIX ASA block the trust relationship in some way?  Everything is permitted otherwise.
awakeningsAuthor Commented:
This issue is appearing on more than one box.
You may wish to try resetting the domain machine account and the secure channel between the affected workstations and the 2k3 domain itself.

To do this, you'll need the Windows 2003 Server SP1 Support Tools, which (if you haven't already got them) can be downloaded here:

Install the tools on a workstation you know is working correctly. Once you've done that, run the following command (once for each affected workstation):

NETDOM RESET workstation_name /Domain:domain_name

Once you've done that, and it reports success, confirm it by verifying the connection using the command:

NETDOM VERIFY workstation_name /Domain:domain_name

If successful, you should get a response like this:

The secure channel from FOO to the domain BAH has been verified.  The connection
is with the machine \\DC1.BAH.COM
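
The reset-then-verify steps above, run over a list of affected workstations, as an added example that is not part of the original answer. It assumes netdom.exe from the Support Tools is on the PATH, that PowerShell is available on the working machine, and that netdom returns exit code 0 on success; `domain_name` and `workstation_name` are the answer's own placeholders.

```powershell
# Added example: NETDOM RESET followed by NETDOM VERIFY for each workstation.
# Assumptions: netdom.exe is on PATH, the account running this may reset
# machine accounts in the domain, and netdom exits with 0 on success.
param(
    [string]   $Domain       = 'domain_name',          # placeholder
    [string[]] $Workstations = @('workstation_name')   # placeholder list
)

function Test-VerifyOutput {
    param([string[]] $Lines)
    # The success text is taken from the sample response quoted in the answer.
    # Lines are joined first because netdom wraps its output.
    $text = $Lines -join ' '
    return [bool]($text -match 'secure channel from \S+ to the domain \S+ has been verified')
}

$results = foreach ($ws in $Workstations) {
    # Step 1: reset the machine account's secure channel.
    $resetOut = & netdom RESET $ws "/Domain:$Domain" 2>&1
    $resetOk  = ($LASTEXITCODE -eq 0)

    # Step 2: only verify when the reset reported success.
    $verified  = $false
    $verifyOut = @()
    if ($resetOk) {
        $verifyOut = & netdom VERIFY $ws "/Domain:$Domain" 2>&1
        $verified  = ($LASTEXITCODE -eq 0) -and (Test-VerifyOutput $verifyOut)
    }

    # Keep the raw output so a failed workstation can be investigated.
    [pscustomobject]@{
        Workstation = $ws
        ResetOk     = $resetOk
        Verified    = $verified
        Detail      = if ($resetOk) { $verifyOut -join ' ' } else { $resetOut -join ' ' }
    }
}

# Summary table, then the workstations that still need attention.
$results | Format-Table Workstation, ResetOk, Verified -AutoSize
$results | Where-Object { -not $_.Verified } | Format-List Workstation, Detail
```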

I don't think there's anything wrong.

Explain what you are attempting to do?

Group nesting is not possible, however, some users can be nested into groups on the opposite domains depending on what groups you are attempting this on.

awakeningsAuthor Commented:
Sanx69, I'll ask the MIS staff to try that tomorrow.  I'm pretty sure those computers are connected to the domain however -- I'll save the complex details of how the staff work, but doing that may be a chore.

Netman66, what we are doing IS possible.  One can clearly see the other trusted domains, but not the domain that the station is in.  It is very weird.  It is also very wrong.  Trust me on this one.
PAQed with points refunded (500)

Community Support Moderator
