I am migrating to a new 2008 domain from an old one. There is a trust between the two. There are many groups were the SID is translating correctly.
in the 2008 domain I find this sid not resolving (hence denying access) s-blah blah-1201
from the 2003 domain;
If I do a SID look up on s-blah blah-1201 I get GROUP1
If I do a reverse on GROUP 1 it gives me s-blah blah-1413
This is telling me that there are TWO sid's connected to this group
2008 only sees the old 1201 SID, and is not translating it into the 1413 sid. This results in people not being able to access their files.
I am really stumped :(