Adding Active Directory Users to Local Accounts - partial domain connectivity

I have a strange issue.  I have the computer hooked up to a 2003 AD domain.  It has trust relationships to other domains - one of them NT.  When I look at the users from the user list in Active Directory, I can see all of the users from other domains.  The trust seems to be intact.  But, when I go to add domain users to a local user or group, the 2003 AD domain is not available, but the other trusted domains are available.  Any thoughts?  This is really strange.
awakenings Asked:
 
DarthMod Commented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0
 
awakenings (Author) Commented:
Question, could a PIX ASA block the trust relationship in some way?  Everything is permitted otherwise.
0
 
awakenings (Author) Commented:
This issue is appearing on more than one box.
0
 
Sanx69 Commented:
You may wish to try resetting the domain machine account and the secure channel between the affected workstations and the 2k3 domain itself.

To do this, you'll need the Windows 2003 Server SP1 Support Tools, which (if you haven't already got) can be downloaded here:
http://download.microsoft.com/download/3/e/4/3e438f5e-24ef-4637-abd1-981341d349c7/WindowsServer2003-KB892777-SupportTools-x86-ENU.exe

Install the tools on a workstation you know is working correctly. Once you've done that, run the following command (once for each affected workstation):

NETDOM RESET workstation_name /Domain:domain_name

Once you've done that, and it reports successful, confirm it by verifying the connection using the command:

NETDOM VERIFY workstation_name /Domain:domain_name

If successful, you should get a response like this:

The secure channel from FOO to the domain BAH has been verified.  The connection
is with the machine \\DC1.BAH.COM
0
 
Netman66 Commented:
I don't think there's anything wrong.

Explain what you are attempting to do?

Group nesting is not possible, however, some users can be nested into groups on the opposite domains depending on what groups you are attempting this on.


0
 
awakenings (Author) Commented:
Sanx69, I'll ask the MIS staff to try that tomorrow.  I'm pretty sure those computers are connected to the domain however -- I'll save the complex details of how the staff work, but doing that may be a chore.

Netman66, what we are doing IS possible.  One can clearly see the other trusted domains, but not the domain that the station is in.  It is very weird.  It is also very wrong.  Trust me on this one.
0
Question has a verified solution.
