Announcement

Collapse
No announcement yet.

Strange Problem - Or Maybe Impossible ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Strange Problem - Or Maybe Impossible ?

    Hi guys,

    Could really do with some advice.

    We have an existing forest (ForestA) which has 2 root domains in it with the usual tranitive trusts in place (both Windows 2000 Native).

    We want to consolidate these into a new forst\single domain so we created ForestB with a single 2003 Native Domain (Forest still 2000 Functional Level though), and create 2 way external trusts between all the domains (which have been verified and even reset to ensure they weren't the problem).

    Now to the point!

    We also had 2 file servers which we want to consolidate, so using a trusty Netapp FAS6030 setup CIFS shares to do the job, the filer being a member of the new Domain\Forest, no user accounts or groups have been migrated yet.

    Most permissions seem to work OK, all global groups work perfectly, so does setting the ACL for the accounts direct, an even the Universal groups work............kind of.

    If I have a user in OldDomainA which is member of a Universal Group in OldDomainB, then they cannot access shares on the filer just get "Access is Denied", but a user in OldDomainB which is a member of the same group works fine, (same applies the other way round).

    I cannot see why this shouldn't be possible, anyone got any ideas ?

    Cheers
    Chris
    * Shamelessly mentioning "Don't forget to add reputation!"

  • #2
    Re: Strange Problem - Or Maybe Impossible ?

    This sounds like a netapp question.
    edit on netapp\etc\usermap.cfg
    the mappings of the users
    OldDomainA\* == OldDomainB\*

    Hope this helps,
    Avi

    Comment


    • #3
      Re: Strange Problem - Or Maybe Impossible ?

      Originally posted by aviwollman View Post
      This sounds like a netapp question.
      Hi Avi,

      Yea I thought that but If I create a share on the DC for the new domain then the same problem applies, it's definately something to do with cross forest universal groups.

      Topper
      * Shamelessly mentioning "Don't forget to add reputation!"

      Comment


      • #4
        Re: Strange Problem - Or Maybe Impossible ?

        As far as I feel, below is the issue:

        Your trust has been created between new domain and old domain B. Because this is an external trust should not be transitive thus the users of old domain A will be unable to access.

        For confirmation create one more trust between old domain A and new domain and check. It should work.

        Regards,
        Kapil Sharma
        ~~~~~~~~~~~~~
        Life is too short, Enjoy It.

        Comment


        • #5
          Re: Strange Problem - Or Maybe Impossible ?

          Sorry I if I didn't make that clear but all the trusts are configured, both domains in old forest have an external 2-way trust to the New Domain in the sperate forest.

          Chris
          * Shamelessly mentioning "Don't forget to add reputation!"

          Comment


          • #6
            Re: Strange Problem - Or Maybe Impossible ?

            One more thing to check:..............

            Is your Infrastructure Master a GCS in old domain A. If yes then check if the IM of domain B is also a GCS or not.

            If IM in domain B is not a GCS and IM in domain A is a GCS then it should be a problem.

            Remove GC from IM in domain A, if it is. Hope it will resolve the issue.

            GCS = Global Catalogue Server

            Regards,
            Kapil Sharma
            ~~~~~~~~~~~~~
            Life is too short, Enjoy It.

            Comment

            Working...
            X