VoooDooo Posted February 2, 2004 Report Share Posted February 2, 2004 i have here a Windows NT 4.0 domain and a Win2k domain (in native mode), a trust in both ways was established and works.But i have a problem, the users from the Win2k domain dont appear in the Windows NT 4 domain (e.g. in Security of Folders). When i create a user in the Win2k domain he dont appears in the WinNT domain, but when i add him to the Administratos groupe and wait for a few minutes he appears in the WinNT domain, thereafter i can even take the user out of the Administrators groupe and he is still visible.I can manually add users, but thus i can see them i have to add them a short time to the Administrative group, if i dont do this i can wait for ever and will never see them.Do you know a solution for my problem? Quote Link to comment Share on other sites More sharing options...
nellie2 Posted February 2, 2004 Report Share Posted February 2, 2004 I moved this because it sounds a bit like a network problem!! :) Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 Just noticed the date of your posting, have you managed to fix the prob? if so, how?As you will know Windows 2000 Group Policy is not like NT 4. It uses Local policy then Site policy then Domain policy and finally a combo.If you change the local policy, the change may be wiped over with a site, domain or OU policy. In fact, the domain policy is most likely the placewhere your security option is set. Have you double checked AD Users/Computers and AD Sites/Services, to see if you have a policy defined. Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 Just re-read your post.....ignore the above. Whats your status? Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 If when you logon to either domain, you should see all its "trusted" domains listed as available domains to logon too, and if you don't, then the trust doesn't exist. You should also see the trusted domains as available to select user/groups from when changing acls on files/folders etc. remove all of the problem trusted/trusting entries from both the nt4 and 2k dc and start overAlso be sure that you're using the netbios domain names and not the fqdn name of the 2k domain. Establish Trusts with a Windows NT-Based Domain in Windows 2000 http://support.microsoft.com/?id=308195 Trusted Domains Do Not Appear in the Available List for Domain Logon or http://support.microsoft.com/?id=310611 "RestrictAnonymous" Registry Value May Break the Trust to a Windows http://support.microsoft.com/?id=296405 Quote Link to comment Share on other sites More sharing options...
VoooDooo Posted February 5, 2004 Author Report Share Posted February 5, 2004 still have the Problem.I see all the domains, for logon also for acls on folders, so the trusts work. Also used the NetBIOS-name.But i will remove the trust and set a new one (just as a try), and take a look at the links. Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 Yeah your trust is working but somethings not quite right. Don't forget to post back with the results. Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 Noticed you've posted in a couple of other forums, did you get anywhere with them? Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 5, 2004 Report Share Posted February 5, 2004 Finally theres also the Trust Between a Windows 2000 Domain and a Windows NT 4.0 DomainOn the Windows 2000 domain controller (DC), click Active Directory Domains and Trusts. Right-click the domain name, click Properties, and then click the Trusts tab.Under Domains that trust this domain, click Add.In Trusting Domain, type NTDOMAIN, and a password. start User Manager For Domains. Open Policies, and then open Trust Relationships. Under Trusting Domain, click Add.In Trusting Domain, type W2KDOMAIN, and then type the appropriate password.On the 2K machine under Domains trusted by this domain on the Trust tab, click Add, type NTDOMAIN and the appropriate password. "The trusted domain has been added and the trust has been verified.", should appear.On the Windows NT 4.0 PDC, add the W2KDOMAIN domain as a trusted domain and see what happensTheres also LMHOSTS File for Domain Validation http://support.microsoft.com/default.aspx?...kb;EN-US;180094 Quote Link to comment Share on other sites More sharing options...
VoooDooo Posted February 6, 2004 Author Report Share Posted February 6, 2004 no, no really helpful tips in the other forums yet.And i know how to establish a trust, thx ;). Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 6, 2004 Report Share Posted February 6, 2004 Sorry VoooDooo, you obviously do know how to set up a trust. My last post was 2K 2 NT as apposed to the other way around and I couldn't think of anything else that might work. Quote Link to comment Share on other sites More sharing options...
VoooDooo Posted February 17, 2004 Author Report Share Posted February 17, 2004 i found a solution. You have to add the group „Domain Admins“ from the NT4 domain to the local „Administrators“ group of the Win2k domain, then the user from the Win2k domain immediately appear in the NT4 domain. Quote Link to comment Share on other sites More sharing options...
spikeychris Posted February 18, 2004 Report Share Posted February 18, 2004 Very good. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.