Thanks for the reply .. I am a bit new with AD so bear with me here.
The security options for the OU and Computers themselves are different. For instance on the computer itself you can set permissions for 'write DNS host name attributes' while on the security for the OU there is no option for that. How do I go about setting inheritance? I made a test OU and put one of the machine accounts in there to test. In the advanced tab on the security for the computer in the new OU it has inheritable permission set. Not sure how to do it on the new OU. thanks -----Original Message----- From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migrated NT4 domain member's computers have incor rect rights in 2 003 AD instead of correcting the security on each one of them, you may want to create a new OU for the machines and set the security for the computer accounts via inheritance on the OU. 2003 even allows you to change the Default Computers container into a normal OU which allows you to set GPOs etc. - but I preferr using a different OU and keeping the default configured as is. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Samstag, 6. Dezember 2003 07:12 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Migrated NT4 domain member's computers have incor rect rights in 2 003 AD Problem is I have about 70 PCs who need this. I would rather not rejoin the domain on all of them. Looks like can be solved by changing rights in AD users and computers Why do I have to remain in mixed mode? The desktops are 2000 or XP. Thanks for your reply -----Original Message----- From: Rick Reynolds [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2003 5:19 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD I unjoined and re-joined mine to the domain, this will work as long as you are running mixed mode, Or keep one nt4 dc around ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 05, 2003 10:53 AM Subject: [ActiveDir] Migrated NT4 domain member's computers have incorrect rights in 2 003 AD > Hi All, > > I did an in place upgrade from NT 4 -> 2003 AD > > The computers already part of the NT4 domain, get event 5788 and 5789 logon > errors in their system event logs. (though they are able to logon) > > Upon closer examination, newly joined computers to the domain have different > security rights when viewed in AD users and computers (advanced view). > Specifically, Authenticated users has 'read' checked and there is the > existence of the system group with full control security (on newly > joined clients to domain (2000 and XP) whereas the system group is not > listed in previous domain members. If I manually change the rights, > the errors stop (and the fully qualified computer name appears in the > general tab whereas it > is blank on pre-existing domain members) > > Is there any way to change all these security rights on the computers > that were part of the NT4 domain when upgraded via a script or other > method than > manually changing each computer's rights? > > Thanks -- BTW this maillist is a life saver! > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
