Windows Permission issue

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi all,

I have a windows 2000 Active directory which I will be upgrading to Windows
2003 over the next week. This is irrelevant info though.

I also have an NT4.0 domain. A single master with a resource domain. The
resource domain has had some of its permissions set using the built in domain
users group from the master domain. I have migrated user accounts and groups
to the windows 2000 forest and these work and can access resources in both
environments with no issue. They how ever cannot access any data explicitly
permissioned with the NT4.0 Domain\Domain Users group

What do I have to do to enable them to access the areas that are
permissioned with Domain Users and not explicit ACL groups? I hope it’s not a
re-permission exercise.

Mark

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Mark,

Please verify that the SIDHistory was correctly translated across in the
migration and that you have the correct permissions in the old domain.

From there you can look at group memberships between the two domains.

I would mention that this is only one of many reasons to avoid setting
permissions on the Domain Users group. If you can't get that to go, then
you very well may be looking at a re-permission situation. Remember, a
migration is usually just a step in a decommission process and should be
tested thoroughly before implementing across the board.

Consider that level or research and testing as you do your 2003
implementation -- especially its impact on your access of the NT4 domain.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Mark Parris" <mark.parris@discussions.microsoft.com.> wrote in message
news:213A7C4D-DB20-4445-95CA-D40F8F2D96AF@microsoft.com...
> Hi all,
>
> I have a windows 2000 Active directory which I will be upgrading to
Windows
> 2003 over the next week. This is irrelevant info though.
>
> I also have an NT4.0 domain. A single master with a resource domain. The
> resource domain has had some of its permissions set using the built in
domain
> users group from the master domain. I have migrated user accounts and
groups
> to the windows 2000 forest and these work and can access resources in both
> environments with no issue. They how ever cannot access any data
explicitly
> permissioned with the NT4.0 Domain\Domain Users group
>
> What do I have to do to enable them to access the areas that are
> permissioned with Domain Users and not explicit ACL groups? I hope it's
not a
> re-permission exercise.
>
> Mark
>