Win2k domain user dont appear in WinNT domain

[VoooDooo]

i have here a Windows NT 4.0 domain and a Win2k domain (in native mode), a trust in both ways was established and works.

But i have a problem, the users from the Win2k domain dont appear in the Windows NT 4 domain (e.g. in Security of Folders). When i create a user in the Win2k domain he dont appears in the WinNT domain, but when i add him to the Administratos groupe and wait for a few minutes he appears in the WinNT domain, thereafter i can even take the user out of the Administrators groupe and he is still visible.

I can manually add users, but thus i can see them i have to add them a short time to the Administrative group, if i dont do this i can wait for ever and will never see them.

Do you know a solution for my problem?

[nellie2]

I moved this because it sounds a bit like a network problem!! :)

[spikeychris]

Just noticed the date of your posting, have you managed to fix the prob? if so, how?

As you will know Windows 2000 Group Policy is not like NT 4.

It uses Local policy then Site policy then Domain policy and finally a combo.

If you change the local policy, the change may be wiped over with a site,

domain or OU policy. In fact, the domain policy is most likely the place

where your security option is set. Have you double checked AD Users/Computers and AD Sites/

Services, to see if you have a policy defined.

[spikeychris]

Just re-read your post.....ignore the above. Whats your status?

[spikeychris]

If when you logon to either domain, you should see all its "trusted" domains listed as available domains to logon too, and if you don't, then the trust doesn't exist. You should also see the trusted domains as available to select user/groups from when changing acls on files/folders etc.

remove all of the problem trusted/trusting entries from both the nt4 and 2k dc and start over

Also be sure that you're using the netbios domain names and not the fqdn name of the 2k domain.

Establish Trusts with a Windows NT-Based Domain in Windows 2000 http://support.microsoft.com/?id=308195

Trusted Domains Do Not Appear in the Available List for Domain Logon or http://support.microsoft.com/?id=310611

"RestrictAnonymous" Registry Value May Break the Trust to a Windows http://support.microsoft.com/?id=296405

[VoooDooo]

still have the Problem.

I see all the domains, for logon also for acls on folders, so the trusts work. Also used the NetBIOS-name.

But i will remove the trust and set a new one (just as a try), and take a look at the links.

[spikeychris]

Yeah your trust is working but somethings not quite right. Don't forget to post back with the results.

[spikeychris]

Noticed you've posted in a couple of other forums, did you get anywhere with them?

[spikeychris]

Finally theres also the Trust Between a Windows 2000 Domain and a Windows NT 4.0 Domain

On the Windows 2000 domain controller (DC), click Active Directory Domains and Trusts. Right-click the domain name, click Properties, and then click the Trusts tab.

Under Domains that trust this domain, click Add.

In Trusting Domain, type NTDOMAIN, and a password. start User Manager For Domains. Open Policies, and then open Trust Relationships. Under Trusting Domain, click Add.

In Trusting Domain, type W2KDOMAIN, and then type the appropriate password.

On the 2K machine under Domains trusted by this domain on the Trust tab, click Add, type NTDOMAIN and the appropriate password. "The trusted domain has been added and the trust has been verified.", should appear.

On the Windows NT 4.0 PDC, add the W2KDOMAIN domain as a trusted domain and see what happens

Theres also LMHOSTS File for Domain Validation http://support.microsoft.com/default.aspx?...kb;EN-US;180094

[VoooDooo]

no, no really helpful tips in the other forums yet.

And i know how to establish a trust, thx ;).

[spikeychris]

Sorry VoooDooo, you obviously do know how to set up a trust. My last post was 2K 2 NT as apposed to the other way around and I couldn't think of anything else that might work.

[VoooDooo]

i found a solution. You have to add the group „Domain Admins“ from the NT4 domain to the local „Administrators“ group of the Win2k domain, then the user from the Win2k domain immediately appear in the NT4 domain.

[spikeychris]

Very good.