Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220
  • Last Modified:

Where is my Group?

I have created a group called Acct. on A DC I have added a user to this group named Jay. I goto my Member Server win2k3 and Share a folder called Shared. I goto Shared permissions to allow the Group Acct to access this folder. I cannot find that group in Dialog box(es). I stick with the defaults of everyone/read.

I goto security tab to add Acct access to the Shared folder. I cannot find the Acct group in Dialog Box(es). I can find the user Jay, I can give permissions to jay. I need to be able to do this for groups. Where did my Acct group go?

Selected Object Types = Built in Security Principals, Groups and User. (I did NOT select Computers for the obvious reasons).
 
From This Location = (Searched in) Entire Directory, Users, Container where Acct and Jay account resides. Still NO Acct group...

What? What? What?

Simple I know.


0
ultreya
Asked:
ultreya
  • 13
  • 10
  • 5
  • +1
2 Solutions
 
MrMintanetCommented:
Did you make it a security group and not a distribution group?  In ADUC, right click on the group you have created.  Click properties.  Let me know.  It should be a security group.
0
 
ultreyaAuthor Commented:
I am sorry I should have added that ...
Security Group.
0
 
Mike KlineCommented:
Very odd, can you download adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
run
adfind -sc  g:Acct
just want to make sure that group is in the directory.
...also if it is there what kind of group is it (i.e. global/security)
Thanks
Mike
 
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
oBdACommented:
Could it be that this is a *domain* *local* group, and your AD is not running in W2k3 functional level yet?
Or that you have more than 1 DC and the member server was checking against the other one, while the group maybe wasn't replicated yet?
0
 
ultreyaAuthor Commented:
I cannot add 3rd party software to the server... Company rules, for security.
I can assure you that the Acct Group and Jay are there. I can goto the Exchange server (seperate server) and see them through AD Console. I can goto the 2nd DC and see the Acct Group and Jay

Domain local / Security
0
 
MrMintanetCommented:
Sounds like it hasn't replicated yet.

http://technet.microsoft.com/en-us/library/cc776188.aspx
0
 
oBdACommented:
Domain local groups are only available on member servers if the domain is running at least in Windows 2000 native mode.
If you don't have any DCs running NT4 or W2k (and are not planning to introduce any ever), you can raise the functional level of your AD:
How to raise domain and forest functional levels in Windows Server 2003
http://support.microsoft.com/kb/322692
0
 
ultreyaAuthor Commented:
My domain functional level is 2K3 All 6 of my servers are Server2K3
0
 
ultreyaAuthor Commented:
"Sounds like it hasn't replicated yet."
I have forced replication on the servers (DC's), With NO change I still cannot see the Group Acct only the user Jay.

I created the Acct group and Jay about 3 hours ago. Replication takes place 180 minute intervals?
0
 
MrMintanetCommented:
See?
domain.jpg
0
 
ultreyaAuthor Commented:
This¿
Acct.bmp
0
 
MrMintanetCommented:
Change the scope to Global.
0
 
oBdACommented:
Your domain is not running in W2k3 functional level, otherwise you'd have the possibility to convert the group type to Universal, and you'd be able to see the group on the member server.
Please check the article I linked above.
0
 
ultreyaAuthor Commented:
Success...
Why Global works and not Domain local.
It's in the same domain¿¿¿
0
 
MrMintanetCommented:
What was success?  How wonderful those three ¿¿¿ are.  LOL
0
 
ultreyaAuthor Commented:
"Your domain is not running in W2k3 functional level, otherwise you'd have the possibility to convert the group type to Universal, and you'd be able to see the group on the member server."

My apologies You are correct. I thought we set this domain up as 2k3 since all servers are 2k3. My Bad

Does this explain why domain local would not register???
0
 
ultreyaAuthor Commented:
"Change the scope to Global"
I deleted the Acct group, and recreated the group, as a global, and it was instantly seen.
0
 
MrMintanetCommented:
:)  Good.  Glad I could finally get someone's problem solved!  LOL.  It's been a slow day for me.  I have a touch of the flu.
0
 
Mike KlineCommented:
...and if all your DCs are at 2k3 you should plan to raise your functional level at some point.
Thanks
Mike
0
 
ultreyaAuthor Commented:
Why did I have to use global though?
Domain Local should have done the same thing. I only have the one domain.
0
 
oBdACommented:
Change the forest and domain functional level to W2k3, and you'll be able to use domain local groups on member servers as well. You'll be able to change the group scope and type, and it will make it easier to use concepts like AGDLP (http://en.wikipedia.org/wiki/AGDLP)
Group scope
http://technet.microsoft.com/en-us/library/cc755692.aspx
0
 
MrMintanetCommented:
Is this not solved?
0
 
oBdACommented:
As I've said before: domain local groups are only available on member servers if your domain functional level is at least Windows 2000 native. All lower versions (Windows 2000 mixed, W2k3 interim) allow the use of NT4 DCs, and NT4 DCs can't handle domain local groups; these were only introduced with AD.
0
 
ultreyaAuthor Commented:
I believe we are getting ready to change all servers to 2008,
thus any changes to the existing network will be debated.
Thank you for your help.
0
 
ultreyaAuthor Commented:
Thank you for your help.
0
 
MrMintanetCommented:
How was my answer not considered accepted?  It was considered "assisted".  What on earth?
0
 
Mike KlineCommented:
Let it go man...you got points :)  
In the end he was helped and that is what matters
0
 
MrMintanetCommented:
LOL.  Right... Somehow, I think I was robbed.  Meh... anyways!  Onward!  To the next question!
0
 
ultreyaAuthor Commented:
MrMintanet, I am sorry you feel robbed on points. I increased the value to 300 and split them between you and oBdA.

Your resolution was correct, in that I changed to a global group rather than a domain local, and I could then see the group.

Although oBdA's first post was correct and it was my error that overlooked what would have been the final resolution.

The site is responsible for determining assisted due to placement. I would be more than happy to resolve any issues you may have with the grading system, just tell me what you want me to do? I admit MY ERROR in overlooking oBdA and where he was going, so in essence he got hosed on points as well. So how do I make it right?
0
 
MrMintanetCommented:
My tears are shed, but my face is dry.  I will try to wipe up my mess so no one slips and falls.  :)  It's fine.  I am just a tad bit saddened by my lack of love.  I am going to buy a dog tonight.
0
 
ultreyaAuthor Commented:
Well I hope you at least get to feeling better. I know the flu sux :)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 13
  • 10
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now