ACL failing

  • Thread starter Thread starter WooYing
  • Start date Start date
W

WooYing

I have users from a domain called abc.com and then I built a new one called
123.com and setup a 2 way trust between the two. I then migrated users from
ABC.com to 123.com keeping their SID the same. We had the trust break a few
time and now users have to be setup on the ABC.com even though their
123.com/user account exist in a share folder. For example I have a folder
called Share and I few users on abc.com on their and in the past they were
able to access the folder but now I have to add the same users under the new
domain name 123/user onto the same shared. Sometime went wrong, has anyone
ever seen this before? Thanks
 
Have u checked the group realatioship policy e.g

Global to Global same domian
Universal to Local cross domain
 
In
WooYing said:
I have users from a domain called abc.com and then I built a new one
called 123.com and setup a 2 way trust between the two. I then
migrated users from ABC.com to 123.com keeping their SID the same. We had
the trust break a few time and now users have to be setup on
the ABC.com even though their 123.com/user account exist in a share
folder. For example I have a folder called Share and I few users on
abc.com on their and in the past they were able to access the folder
but now I have to add the same users under the new domain name
123/user onto the same shared. Sometime went wrong, has anyone ever
seen this before? Thanks
Click to expand...

Did you delete the original users in abc.com that you migrated with their
SID history to 123.com?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]
 
Ace, No I did not delete the original account, both account are still
active. Thanks


"Ace Fekay [MVP]"
In
WooYing said:
I have users from a domain called abc.com and then I built a new one
called 123.com and setup a 2 way trust between the two. I then
migrated users from ABC.com to 123.com keeping their SID the same. We had
the trust break a few time and now users have to be setup on
the ABC.com even though their 123.com/user account exist in a share
folder. For example I have a folder called Share and I few users on
abc.com on their and in the past they were able to access the folder
but now I have to add the same users under the new domain name
123/user onto the same shared. Sometime went wrong, has anyone ever
seen this before? Thanks
Click to expand...

Did you delete the original users in abc.com that you migrated with their
SID history to 123.com?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]
Click to expand...
 
In
WooYing said:
Ace, No I did not delete the original account, both account are still
active. Thanks
Click to expand...

When you reestablished the trust after it broke, did the problem continue?

Ace
 
In
WooYing said:
Yes, the ACL just stop working
Click to expand...

If you break the trust and re-create it, does it work?

Sorry for all the questions, just trying to understand whether breaking and
reestablishing the trusts works. If not, then I would look at DNS (if this
is a forest trust) or if NetBIOS resolution is an issue (for the legacy
style trusts).

If you can add any additional info, that would be good. ANything out of the
ordinary. Event log errors? Is it a forest trust? Are the two domains on the
same subnet?

Ace
 
Back
Top