I unjoined and re-joined mine to the domain, this will work as long as you are running mixed mode, Or keep one nt4 dc around ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 05, 2003 10:53 AM Subject: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD
> Hi All, > > I did an in place upgrade from NT 4 -> 2003 AD > > The computers already part of the NT4 domain, get event 5788 and 5789 logon > errors in their system event logs. (though they are able to logon) > > Upon closer examination, newly joined computers to the domain have different > security rights when viewed in AD users and computers (advanced view). > Specifically, Authenticated users has 'read' checked and there is the > existence of the system group with full control security (on newly joined > clients to domain (2000 and XP) whereas the system group is not listed in > previous domain members. If I manually change the rights, the errors stop > (and the fully qualified computer name appears in the general tab whereas it > is blank on pre-existing domain members) > > Is there any way to change all these security rights on the computers that > were part of the NT4 domain when upgraded via a script or other method than > manually changing each computer's rights? > > Thanks -- BTW this maillist is a life saver! > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
