Windows smal business server 2003 domain authentication

By rob ·
I hate to sound stupid but here goes-
I am running 2 servers both with Windows Small business server 2003. 1 is the primary domain controller, the other is a file server.
When creating a share on the file server I want only a specific security group from the domain controller to have access. When I try to add the group to the permissions for the folder the machine cannot find it. yes both servers are on the domain, and the file server is authenticating users at logon any help would be greatly appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Only 1 SBS Server per domain.

by Whirl3d In reply to Windows smal business ser ...

To the best of my understanding, only one Small Business Server is allowed per domain. It MUST be the Domain Controller and therefore any other Small Business Server on the same domain would conflict with it.

Try installing Windows Server 2003 R2 on your file server and configure it to get it's domain information from your Primary Domain Controller (which has to be your Small Business Server).

I have had success with this model and I think it will solve your problem.

Best wishes,


Collapse -

2 SBS servers?

by bart777 In reply to Windows smal business ser ...

You can only have 1 SBS server per domain. I suprised that the servers aren't rebooting on you every 30 minutes or so.

If they are seperate domains then still have the problem of SBS not being able to setup trusts.

If the file server is just running the 2003 OS without the SBS piece installed you should be fine.

Now the obvios stuff to test is if the file server can even see the other server via IP. Also test to make sure that the 2 servers are setup with the proper DNS.

Collapse -

mis informed

by rob In reply to 2 SBS servers?

Ok I was misinformed, the file server is NOT SBS it is 2003 R2. When I go into Sharing and security to share the folder, the file server shows only the LOCAL computer name not the domain name like the PDC is. But the machine is part of the domain.

Collapse -


by bart777 In reply to mis informed

If you hit the location button next to the local computer name in teh add users window can you choose the domain?

If not I would re-add the serve to teh domain and see if that helps.

Collapse -

can't choose a domain

by rob In reply to Hmmmm

Nope it won't let me choose a domain, and I did remove and re add it

Collapse -

DNS on the file server?

by Churdoo In reply to can't choose a domain

Is the file server set up with static IP I presume? If so, double check its DNS settings to be sure that the IP of the Small Business Server is the first or only DNS server in the list.

Collapse -

wrong way...

by CG IT In reply to can't choose a domain

to join the server to the domain [and any workstation], you use the SBS management screen to create a computer account first. This puts the computer in the correct SBS OU, once you have the computer[server] account created, you use the connect computer wizard.

From the server you want to add, open IE and in the address bar type http://[SBS server name]/connect computer.

Follow the onscreen prompts.

once you have joined the server to the domain, you can create shared folders and assign permissions using AD groups. Follow Microsoft's Best Practices for setting permissions on shared resrouces.

Collapse -

How did you join the Server to the Domain?

by Whirl3d In reply to mis informed

This may sound crazy, but did you try the SBS preferred method of

And did you setup the server in your SBS2003 Servers list in the SBS Management Console?

How are your users authenticating against the file server? All authentication usually happens from the SBS Server for the entire domain. If your users are authenticating against your file server, the only option they have is local access--otherwise they would authenticate on the domain (using the PDC, AKA SBS)

Also, did you setup your security groups on your SBS machine or the file server. Active Directory Services are controlled by your PDC in SBS and all security groups should be registered on the SBS machine.

This way when you setup any workstation with file sharing priviledges, users authenticate against the domain and are assigned their security rights by the SBS Server.

From the file server's perspective, if properly joined to the domain (listed in the computers or servers section of the SBS Admin and usually assigned an IP Address through DHCP, for example), you should be able to setup NT File Security (i.e. "local") through the server and configure all network-shares through the PDC, SBS.

Does this make sense or am i speaking in circles? It gets really convoluted if you ask me.

hope this helps,

Related Discussions

Related Forums