Announcement

Collapse
No announcement yet.

Unable to disable SID Filter

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to disable SID Filter

    Hello.
    I am about to migrate users from one 2003 AD to another 2003 AD.
    I want to use SIDhistory and the migrated users have both the new SID and the old one. So far all is fine.

    Then I have come to realize the issue of SID Filters.
    When trying to disable the SID filter in the "old" domain by using the
    NETDOM trust xxxxxxxxxxxxx /quarantine:no
    I get "access denied".

    Prior to trying the above I have run the "net use \\dc\ipc$" on both AD's to get rid of possible access errors. I have also tried specifying these settings via the "usero" and "userd" switches in the NETDOM command, still no luck.

    Anyone got any ideas ?

    Best regards
    Banjo

  • #2
    Re: Unable to disable SID Filter

    I have seen related errors when the account used for both domains had the same name but different passwords.
    You might want to give a try to creating a new account, putting it in Enterprise and Domain Admins and performing the task with that account.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Re: Unable to disable SID Filter

      Hi
      Sorry, did not work.
      I also tried doing it directly from the server (initially I was trying via RDP) but same result: Access Denied.

      The account that I use in the /UserO syntax is a member of Enterprise Admins and Domain Admins. Same for the account in the other domain.

      Any other suggestions ?

      Regards
      Banjo

      Comment


      • #4
        Re: Unable to disable SID Filter

        Can you verify the trust using the same account ? Do you get Access Denied when you do that ?
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          Re: Unable to disable SID Filter

          Hi
          I solved it.
          It was a silly thing. I did not write the FQDN for the domain name, I used the Netbios names only. (This should be okay according to MS).
          Anyway, by using the FQDN everything worked fine.

          Thanks
          /Banjo

          Comment


          • #6
            Re: Unable to disable SID Filter

            Glad that worked out for you.
            Thanks for sharing the solution !
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment

            Working...
            X