General discussion

Locked

Access to Shares across domains

By lana_k66 ·
Hello, I am hoping that aomebody would be able to help me on this please:
Existing Windows NT domain; Shared directories resides on member servers; Users are getting access to Shares through Group membership.
A new Domain created and two-way trustestablished with the existing one.
Users from the old domain are due to be migrated to the new one for authentication, but the old Domain will stay as a resource domain.
Now - as per Microsoft - to enable users to access old resources all we need to do - to create Global groups in new domain and place them inside the Local groups for access control on each individual share..well- this didn't work :-(. the only way to grant user access to share is to place his new-domain account into permissions for each share.
I am sure, I am missing something here - how can we administer access to shares by groups, not by users?
Any thoughts will be much apprecciated.
Lana.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Access to Shares across domains

by Koetsier In reply to Access to Shares across d ...

I haven't tested it, but logically, I would say you're doing it the opposite way it should be. When creating a new domain, the user is checked via the new domain, and gaines no access. When you create a global group on the new server, and places theusers of the old domain via a group in this new domain, it would maybe work?

Collapse -

Access to Shares across domains

by lana_k66 In reply to Access to Shares across d ...

Poster rated this answer

Collapse -

Access to Shares across domains

by Lez In reply to Access to Shares across d ...

Hi Lana, your procedure is correct. I have the same setup as well, where my domains are divided into authentication and resource.

1) Authentication domain has global groups setup. 2) Resource doman has local groups setup.
3) Rights to shares aregiven to the local groups.
4) Only global groups are added to the local groups.
5) Users are added only to the Global groups.

Now, there are a couple of things that may be casing the problem, like the SAM databases are not replicating properly,the trust needs to be re-setup etc. Since you've mentioned the 2 way trust being setup, we can look at something else first.

Besides the NTFS rights on the folder (where you right click the folder and click on the permissions tab), there is also security on the share. This can only be accessed from the resource server. If you go into properties from the server, besides the "Security" tab, you should see a tab called "Sharing".

In sharing, there is a "Permissions". You need to add the domain users to this as well. For ease of maintenance, you can grant everyone full rights under "Sharing" and control the NTFS rights from "Security". This way if there are changes, you need only to change the rights under "Security".

Revert if it doesn't work. Good luck!

Collapse -

Access to Shares across domains

by lana_k66 In reply to Access to Shares across d ...

Thanks, Lez, yes, we've done the same as you've said - assigned permissions on the Share itself in both Sharing and Security. We didn't know about adding Domain Users though, so - thanks for the tip. Still confuses me - when we added New Domain Global group into Old Domain Local group, users from new domain were not able to access share. but it did work when we added New Domain Global Group directly into Share permissions..(still better then nothing ;-) )
Thank you again for your input.
Lana.

Collapse -

Access to Shares across domains

by lana_k66 In reply to Access to Shares across d ...

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums