On 1/4/06, Carerros, Charles <[EMAIL PROTECTED]> wrote:
Tom,

Did you enable SID History on the W2K3 domain?

Charlie

From: Tom Kern [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 04, 2006 11:35 AM
To: activedirectory
Subject: [ActiveDir] migration question(ot)
I have a user/PC I migrated from a Win2k native forest to a Win2k3 FFL forest. He is running a local version of IBM WebSphere which runs under a local machine account. When he logs into the old forest, all is well. When he logs into the new forest, the app spits out an error that the WebSphere account can't read the group membership of the user's domain account.

Now, I don't understand how the local account is able to read the user's membership in AD in the old domain unless it's due to the "anonymous" user being in the "everyone" group in Win2k? Is that it? Is it the heightened security in Win2k3 that I'm encountering here?

I know I should just create a domain account for the service and give it rights to read the user's group membership, but I'm just wondering why it works in the Win2k forest but not the Win2k3 forest.

Thanks.
