(All servers
running Windows 2003 Standard. Domain/forest functional levels all set to
Windows 2003.)
I have a two-level
domain structure, like this:
DOMAIN
-> DOMAIN-CHILD1
->
DOMAIN-CHILD2
My SQL Server lives
in DOMAIN, and i'm trying to add the machine account for a machine in
DOMAIN-CHILD1 to the SQL logins list.
In the SQL login
property dialog, i browse for an account name, and go into the Domain Computers
members list for DOMAIN-CHILD1. I see the computers in there,
and i pick one and add it: DOMAIN-CHILD1\MACHINE. I give it permissions to a
specific database in the default 'user' role.
But, when i press
OK, it gives me an error dialog stating:
"Error 15401:
Windows NT or group 'DOMAIN-CHILD1\MACHINE$' not found. Check the name
again."
But it definitely
does exist, because it just browsed for it.
Other weird error
is if i try and look at the members of the DOMAIN\Domain Computers group (via
the SQL login browse dialog), it gives me an error dialog
stating:
"The global group
is in a domain which is not in the list of trusted domains. Have more
trusted domains been added while new users were being
selected?"
But, i'm
looking at a global group in the *same* domain as the SQL server.
Weird, eh?
I've
checked the two-way trusts between the parent-child domains and they all
validate correctly.
I've
successfully done this before on another set of servers, where i've added
machine accounts for servers that live in another domain, which is a peer to the
domain which contains the SQL server. (multiple domains in a forest, no
parent-child relationships).
Any
ideas?
Thanks!
Kirk
-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
Kirk Marple
CTO/VP of Engineering
Agnostic Media, Inc.
e: [EMAIL PROTECTED]
w: www.agnostic-media.com
CTO/VP of Engineering
Agnostic Media, Inc.
e: [EMAIL PROTECTED]
w: www.agnostic-media.com
You can get my Digital ID here: https://digitalid.verisign.com/services/client/index.html