

Juniper SA 2000

Posted on 2012-08-30
Medium Priority
Last Modified: 2012-08-31

The organization that I work for is in the process of migrating all users from one Active Directory Domain to another and I am the lucky System Administrator who has been charged with utilizing the duct tape to accomplish this goal. I've established a method for migrating the users over in small groups from Domain-old to Domain-new utilizing a Forest Level trust. The one snag I've run into currently is VPN access: I am attempting to find a method whereby we can utilize our SA2000 in conjunction with the trust to authenticate users of both domains until the transition is completed.
I've verified that the Active Directory group (Domain-Old\SA-REMOTE-USERS) which is being used for authentication is a Domain Local group in Domain-Old, and the Active Directory group which I plan to also utilize in Domain-New (Domain-New\SA-REMOTE-USERS) is a member of that group in Domain-Old. However, when I attempt to authenticate with a user in Domain-New I get either an invalid UID/Pass error (Invalid username or password. Please re-enter your user information.) or (You are not allowed to sign in. Please contact your administrator.)
Is there a method by which this can be accomplished?
Question by: rglassford
1 Comment

Accepted Solution

rglassford earned 0 total points
ID: 38355237

We've been able to correct this issue. We needed to create a secondary realm within the Authentication > Auth. Servers > Active Directory / Windows NT section and enable the "Allow Trusted Domains" option.

Keep in mind that a Forest Level Trust is required to accomplish this goal. It is also recommended that the AD group on Domain-Old be a Security-domain-local group and that a new AD group be created on Domain-New with a type of Security-Domain-Universal. You can then add the AD-Group from Domain-New to the AD-Group of Domain-Old.

I hope this assists other users who embark on this in the future.
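
The Active Directory prerequisites named in the accepted answer can be checked before testing sign-in on the SA2000. The following read-only PowerShell is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module, and the domain FQDNs are placeholders to be replaced with your own.

```powershell
# Added example: read-only checks for the setup described in the accepted answer.
# Assumptions: RSAT ActiveDirectory module; the DNS names below are placeholders.
Import-Module ActiveDirectory

$OldDomain = 'domain-old.example'   # placeholder FQDN for Domain-Old
$NewDomain = 'domain-new.example'   # placeholder FQDN for Domain-New
$GroupName = 'SA-REMOTE-USERS'      # group name from the post

# 1. Forest-level trust as seen from Domain-Old.
$trust = Get-ADTrust -Filter * -Server $OldDomain |
    Where-Object { $_.Target -eq $NewDomain }
if (-not $trust) {
    Write-Warning "No trust to $NewDomain found on $OldDomain"
} elseif (-not $trust.ForestTransitive) {
    Write-Warning "Trust to $NewDomain exists but is not a forest trust"
} else {
    "Forest trust present, direction: $($trust.Direction)"
}

# 2. Group scope and category on each side.
$oldGroup = Get-ADGroup -Identity $GroupName -Server $OldDomain -Properties member
$newGroup = Get-ADGroup -Identity $GroupName -Server $NewDomain
$expected = @(
    @{ Group = $oldGroup; Domain = $OldDomain; Scope = 'DomainLocal' },
    @{ Group = $newGroup; Domain = $NewDomain; Scope = 'Universal' }
)
foreach ($e in $expected) {
    $g = $e.Group
    if ($g.GroupCategory -ne 'Security' -or $g.GroupScope -ne $e.Scope) {
        Write-Warning ("{0}\{1} is {2}/{3}, expected Security/{4}" -f `
            $e.Domain, $GroupName, $g.GroupCategory, $g.GroupScope, $e.Scope)
    }
}

# 3. Nesting. Across a forest trust the member is stored in Domain-Old as a
#    foreignSecurityPrincipal whose CN is the SID, so match on SID as well as DN.
$sid = $newGroup.SID.Value
$nested = $oldGroup.member | Where-Object {
    $_ -eq $newGroup.DistinguishedName -or
    $_ -like "CN=$sid,CN=ForeignSecurityPrincipals,*"
}
if ($nested) {
    "Nested member found: $nested"
} else {
    Write-Warning "$NewDomain\$GroupName is not a member of $OldDomain\$GroupName"
}
```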


Question has a verified solution.
