Could really do with some advice.
We have an existing forest (ForestA) which has 2 root domains in it with the usual tranitive trusts in place (both Windows 2000 Native).
We want to consolidate these into a new forstsingle domain so we created ForestB with a single 2003 Native Domain (Forest still 2000 Functional Level though), and create 2 way external trusts between all the domains (which have been verified and even reset to ensure they weren’t the problem).
Now to the point!
We also had 2 file servers which we want to consolidate, so using a trusty Netapp FAS6030 setup CIFS shares to do the job, the filer being a member of the new DomainForest, no user accounts or groups have been migrated yet.
Most permissions seem to work OK, all global groups work perfectly, so does setting the ACL for the accounts direct, an even the Universal groups work…………kind of.
If I have a user in OldDomainA which is member of a Universal Group in OldDomainB, then they cannot access shares on the filer just get “Access is Denied”, but a user in OldDomainB which is a member of the same group works fine, (same applies the other way round).
I cannot see why this shouldn’t be possible, anyone got any ideas ?
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.