T
Tim.Olsen
Hello all. I'm baffled.
3 weeks ago I moved several users and groups using ADMT v3 from w2k to
w2k3 R2. I included SID history on each.
All was well with the world until last night, when DC's in both the
source and target domains rebooted and now migrated users no longer
have access to resources in the source domain.
I've trippled checked, ADSIedit shows the accounts have the SIDhistory
attribute set.
I've trippled checked the NTFS rights, they still include the old
resource names.
I've even got a userid/workstation pair that was locked up, not logged
off, at 5pm yesterday that still works. Yet new authentication of that
same ID, on the same workstation it fails --e.g. if I do a "runas
/user:domain\sameuser cmd" and try to to access the sameuser's
homedirectory I get access denied.
NTFS ACL's haven't changed.
SIDhistory attribute is there.
I'm stumped. Any ideas?
3 weeks ago I moved several users and groups using ADMT v3 from w2k to
w2k3 R2. I included SID history on each.
All was well with the world until last night, when DC's in both the
source and target domains rebooted and now migrated users no longer
have access to resources in the source domain.
I've trippled checked, ADSIedit shows the accounts have the SIDhistory
attribute set.
I've trippled checked the NTFS rights, they still include the old
resource names.
I've even got a userid/workstation pair that was locked up, not logged
off, at 5pm yesterday that still works. Yet new authentication of that
same ID, on the same workstation it fails --e.g. if I do a "runas
/user:domain\sameuser cmd" and try to to access the sameuser's
homedirectory I get access denied.
NTFS ACL's haven't changed.
SIDhistory attribute is there.
I'm stumped. Any ideas?