Hi All, I did an in place upgrade from NT 4 -> 2003 AD
The computers already part of the NT4 domain, get event 5788 and 5789 logon errors in their system event logs. (though they are able to logon) Upon closer examination, newly joined computers to the domain have different security rights when viewed in AD users and computers (advanced view). Specifically, Authenticated users has 'read' checked and there is the existence of the system group with full control security (on newly joined clients to domain (2000 and XP) whereas the system group is not listed in previous domain members. If I manually change the rights, the errors stop (and the fully qualified computer name appears in the general tab whereas it is blank on pre-existing domain members) Is there any way to change all these security rights on the computers that were part of the NT4 domain when upgraded via a script or other method than manually changing each computer's rights? Thanks -- BTW this maillist is a life saver! List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
