|
|
We've recently started migrating users from our legacy domain to our
newly created domain.
There is a two way trust between the domains, and several servers have
been migrated with no issue.
One particular server is giving me headaches, however. Once migrated
to the new domain, this server does not show users in local groups,
but rather their SIDs.
When I add new users to the group, regardless of which domain the user
is in, it will just show the SID.
I've downloaded an app that resolves the SIDs manually, and I have
confirmed that the SIDs do resolve to users.
Furthermore, when I add the users to the groups, the correct
permissions are granted (NTFS security), but it will always resolve to
the SID only.
Any ideas how to get the Domain\User to show up instead of SID?
I've uploaded a screen shot to the following URL (SID Edited for
privacy purposes)
http://img504.imageshack.us/img504/12/sidtmje1.jpg
Thanks in advance for any help.
|
|
Hi
On the server that shows the SIDs:
Check if name resolution is working correctly for that machine
Check FIREWALL config and logs
Check if you're using a domain account when looking at the properties of
that resource.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"AlanW." <adweber[ at ]gmail.com> wrote in message
news:2c4b9e52-69a4-4cf1-9363-828e995e3733[ at ]g1g2000pra.googlegroups.com...
[Quoted Text] > We've recently started migrating users from our legacy domain to our > newly created domain. > There is a two way trust between the domains, and several servers have > been migrated with no issue. > > One particular server is giving me headaches, however. Once migrated > to the new domain, this server does not show users in local groups, > but rather their SIDs. > When I add new users to the group, regardless of which domain the user > is in, it will just show the SID. > > I've downloaded an app that resolves the SIDs manually, and I have > confirmed that the SIDs do resolve to users. > Furthermore, when I add the users to the groups, the correct > permissions are granted (NTFS security), but it will always resolve to > the SID only. > > Any ideas how to get the Domain\User to show up instead of SID? > I've uploaded a screen shot to the following URL (SID Edited for > privacy purposes) > > http://img504.imageshack.us/img504/12/sidtmje1.jpg> > Thanks in advance for any help.
|
|
Log onto the server as a domain admin and run the following from a command
prompt
netdiag.exe /v > c:\netdiag.log
Open up c:\netdiag.log with notepad.exe and look for errors
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"AlanW." <adweber[ at ]gmail.com> wrote in message
news:2c4b9e52-69a4-4cf1-9363-828e995e3733[ at ]g1g2000pra.googlegroups.com...
[Quoted Text] > We've recently started migrating users from our legacy domain to our > newly created domain. > There is a two way trust between the domains, and several servers have > been migrated with no issue. > > One particular server is giving me headaches, however. Once migrated > to the new domain, this server does not show users in local groups, > but rather their SIDs. > When I add new users to the group, regardless of which domain the user > is in, it will just show the SID. > > I've downloaded an app that resolves the SIDs manually, and I have > confirmed that the SIDs do resolve to users. > Furthermore, when I add the users to the groups, the correct > permissions are granted (NTFS security), but it will always resolve to > the SID only. > > Any ideas how to get the Domain\User to show up instead of SID? > I've uploaded a screen shot to the following URL (SID Edited for > privacy purposes) > > http://img504.imageshack.us/img504/12/sidtmje1.jpg> > Thanks in advance for any help.
|
|
Paul, I ran netdiag.exe with the /v modifier..
Results are less than comforting:
[FATAL] Failed to get system information of this machine.
That is the entire contents of the log file.
Jorge,
DNS is functioning as expected on this machine. I can ping internal
and external devices via their FQDN
There is no firewall between the server, my workstation, or the domain
controllers/DNS servers.
I am logged in with a domain admin account when trying to view the
group contents.
Thank you for your replies!
|
|
Hum...
Check SIDTONAME tool and make sure that the accounts exists in AD.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"AlanW." <adweber[ at ]gmail.com> wrote in message
news:9f64b7eb-0249-44c3-91fd-c5fa1058bbfb[ at ]w1g2000prm.googlegroups.com...
[Quoted Text] > Paul, I ran netdiag.exe with the /v modifier..
>
> Results are less than comforting:
>
> [FATAL] Failed to get system information of this machine.
>
> That is the entire contents of the log file.
>
>
> Jorge,
> DNS is functioning as expected on this machine. I can ping internal
> and external devices via their FQDN
> There is no firewall between the server, my workstation, or the domain
> controllers/DNS servers.
> I am logged in with a domain admin account when trying to view the
> group contents.
>
> Thank you for your replies!
|
|
It appears you have communications problems. Are you sure that the nic is
working properly? Local firewall turned off? Do you have an ip address
assigned to the machine?
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.
"AlanW." <adweber[ at ]gmail.com> wrote in message
news:9f64b7eb-0249-44c3-91fd-c5fa1058bbfb[ at ]w1g2000prm.googlegroups.com...
[Quoted Text] > Paul, I ran netdiag.exe with the /v modifier..
>
> Results are less than comforting:
>
> [FATAL] Failed to get system information of this machine.
>
> That is the entire contents of the log file.
>
>
> Jorge,
> DNS is functioning as expected on this machine. I can ping internal
> and external devices via their FQDN
> There is no firewall between the server, my workstation, or the domain
> controllers/DNS servers.
> I am logged in with a domain admin account when trying to view the
> group contents.
>
> Thank you for your replies!
|
|
|