Hi Chandra,
When you migrated the NT4 domain-admin account to your AD
domain, did you keep "sidHistory"? If the new AD domain-admin account has
the sidHistory of the old NT4 domain-admin account, it should have no trouble
exercising 'domain-admin' rights in the NT4 domain. It will, in effect, be
masquerading as the NT4 domain-admin.
Look at the security token of your AD domain-admin account
and see if the SID of the old NT4 domain-admin account is in there. If
not, that's your problem. You need to migrate with
sidHistory.
- G
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chandra Burra
Sent: Wednesday, January 11, 2006 12:32 PM
To: [email protected]
Subject: Re: [ActiveDir] NT and AD Permissions
On 1/11/06, Almeida
Pinto, Jorge de <[EMAIL PROTECTED]>
wrote:
is that account member of the Domain Admins in AD?
jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Chandra Burra
Sent: Wed 2006-01-11 18:41
To: [email protected]
Subject: [ActiveDir] NT and AD Permissions
Hi,
we have a NT domain and a new 2003 AD domain....Migrated a domain admin account, but after migration, that account can not connect to admin shares like C$ or D$...... is there any quick fix..
I have the Domain Admins group on AD as a member of Local Administrators group on the NT Domain...is there something i am missing??
Thanks in advance...
Regards,
Chandra
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
