2003 Server in 2000 domain: permissions problem

PopeKevinI

I've got a 2003 Server file/application server that started giving me problems a few weeks ago. I was trying to set up some test accounts to try a new group policy format...part of that was setting up shares for each user account.

When I created the shares, I found that I couldn't locate any of the new accounts to add to the permissions list. Then I realized I couldn't even use Administrator; the location was set to the local machine, and I couldn't change it to look at the domain.

If I look at the permissions already set on another share, the account names are gone, in favor of what I must assume is a unique ID number for the account. Each begins with "S1-" and is a long series of characters (I'm pretty sure I used to know what this was called, I forget now :) )

So...any ideas on what caused this to start happening?
 
It's called an SID, or Security ID. It is the behind-the-scenes way AD maps permissions (so that you can rename a user but their SID stays the same, and so do their permissions)

Usually happens when an account is deleted. If everything shows like that, it seems your 2003 box can't talk/authenticate to the domain.
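
The distinction drawn in the reply above (some entries showing as raw SIDs versus every entry showing that way) can be checked per folder. This is an added PowerShell example, not part of the original thread; the path `D:\Shares\Test` is a hypothetical placeholder, and it assumes Windows PowerShell 2.0 or later is available on the file server.

```powershell
# Added example: classify unresolved SIDs on a folder ACL by issuing domain/machine.
# $Path is a hypothetical placeholder; point it at the shared folder to inspect.
param([string]$Path = 'D:\Shares\Test')

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Read every ACE (explicit and inherited) with identities kept as raw SIDs.
$rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)

$rules | ForEach-Object {
    $sid = $_.IdentityReference
    # Well-known SIDs (SYSTEM, Everyone, BUILTIN\...) have no issuing
    # domain and always resolve locally, so they are skipped.
    if ($null -eq $sid.AccountDomainSid) { return }

    $name = $null
    try {
        $name = $sid.Translate($ntType).Value
    } catch {
        # Any failure (unmapped identity, broken trust) counts as unresolved.
    }
    New-Object PSObject -Property @{
        Issuer = $sid.AccountDomainSid.Value   # domain or machine SID prefix
        Sid    = $sid.Value
        Name   = $name
    }
} | Sort-Object Sid -Unique | Group-Object Issuer | ForEach-Object {
    $total      = $_.Count
    $unresolved = @($_.Group | Where-Object { -not $_.Name }).Count

    if ($unresolved -eq 0) {
        $verdict = 'all names resolve'
    } elseif ($unresolved -eq $total) {
        # With only one SID in the group this is ambiguous; check more folders.
        $verdict = 'none resolve: server likely cannot reach or authenticate to this domain'
    } else {
        $verdict = 'some unresolved: likely deleted accounts'
    }
    New-Object PSObject -Property @{
        Issuer     = $_.Name
        Total      = $total
        Unresolved = $unresolved
        Verdict    = $verdict
    }
} | Format-Table Issuer, Total, Unresolved, Verdict -AutoSize
```

SIDs issued by the file server itself (local accounts) appear as their own group and should still resolve even when the domain is unreachable.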
 
Fint said:
It's called an SID, or Security ID. It is the behind-the-scenes way AD maps permissions (so that you can rename a user but their SID stays the same, and so do their permissions)

Usually happens when an account is deleted. If everything shows like that, it seems your 2003 box can't talk/authenticate to the domain.

Yeah, I figured it was an authentication problem...the question is, what do I do now? I rebooted both the servers over the weekend (shut down file server, rebooted DC, powered up file server) and it hasn't changed.
 
Do you have any issues logging into the new server with a domain account, or with accessing networked resources with that server? Disjoining and re-joining the domain may fix it, but there may be an easier/quicker way.
 
Don't know how much easier or quicker it could be than removing the account and rejoining the domain. That's what you need to do. As long as you have rights to do that it should take all of a few minutes at most, plus reboot time.
 
ktwebb said:
Don't know how much easier or quicker it could be than removing the account and rejoining the domain. That's what you need to do. As long as you have rights to do that it should take all of a few minutes at most, plus reboot time.

Yeah, I was hoping to avoid another reboot.

So take the server out of the domain and add it again, and it should be fine...sounds about right. Every time I reboot this thing people complain.
 
rcolbert said:
Funny how that goes, isn't it?
Whenever that happens at my work, I can hear people down the hall yelling "Server!" Then again, they oughta stop playing Counter-strike and get back to work. :p
 
This is the same way it would look if you logged into it with a local admin account. Of course, if it's a DC you couldn't. You definitely have an authentication issue. Make sure you have a physical connection, then ping, then make sure the time on the servers is in sync. If it's a member server, make sure you're logging into the correct domain.
 
That's why I like offline file cache. If for some reason I need to reboot the fileserver in the middle of the day (I think this has happened once in 3 years), I just send an email telling people not to try and save their documents / get new docs. Reboot server, users are told server is offline, then resync when server is back up. It's not something I *like* to do, but it's not that bad.
 