patrickfreer
asked on
Built-In Domain Objects not visible from Member Server
We have a new Windows 2008 R2 domain which is functioning well with 2 domain controllers. We have an old 2003 domain which we have DCPOMO'd out as the last domain controller, then added it fresh as a member server to the new domain.
It works fine for the most part, but for some reason when we try to add security for a file share (any file share or NTFS security incl new ones) we can see all active directory users and groups apart from the Built-In ones. I.e. "Administrators" is invisible, "Users" is invisible, but "Domain Admins" is fine.
A manual browse of A/D confirms this - we can browse to the Built-In folder, but groups such as "Administrators" is not visible.
I've confirmed that these are seen from the D/C and client PCs.
It works fine for the most part, but for some reason when we try to add security for a file share (any file share or NTFS security incl new ones) we can see all active directory users and groups apart from the Built-In ones. I.e. "Administrators" is invisible, "Users" is invisible, but "Domain Admins" is fine.
A manual browse of A/D confirms this - we can browse to the Built-In folder, but groups such as "Administrators" is not visible.
I've confirmed that these are seen from the D/C and client PCs.
ASKER
No - these are domain objects. Please see the enclosed screenshots - one from a Domain controller showing where the objects are (and are expected to be) and the other from the member server which is unable to reference them.
Please note domain is redacted, not faulty.
DCView.jpg
MemberView.jpg
Please note domain is redacted, not faulty.
DCView.jpg
MemberView.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What happens when you do not type anything in and try to search?
It should populate ALL of the groups including the group you are looking to add. If this does not show anything, then something might be wrong with directory services (check event logs for errors).
Also, is this a cloned machine, a machine that is being replaced, VM, or brand new machine?
Please let me know if this helps... Thank you!
It should populate ALL of the groups including the group you are looking to add. If this does not show anything, then something might be wrong with directory services (check event logs for errors).
Also, is this a cloned machine, a machine that is being replaced, VM, or brand new machine?
Please let me know if this helps... Thank you!
You would need to change to the local computer to add these groups.
If you want to add Users for the Domain you would need to use Domain Users