We have an Active Directory domain running on Server 2003 DCs running in Server 2003 functional level. We have member servers in it that are also running 2003. We have two NT4.0 domains that have two-way trusts with the AD domain. We're able to add domain admins from one of the NT4.0 domains to the administrators on the member servers in the AD domain but when we add domain admins from the other NT4.0 domain into the administrators on the member servers it doesn't work right. We're able to add it, but when we 'OK' out and then go back in to look at the administrators group membership on the member servers, the domain admins group from the NT4.0 domain has been converted to the sid and has a question mark and just an outline of a head for an icon.
This happens periodically... it comes and it goes. It's also inconsistent on a per-member server basis. I've validated the trust and have verified that WINS is working and the PDC, the member server, and the PDC emulator are able to each resolve each other. We're not using restricted groups at all. Restrict anonymous has been disabled (temporarily) on the DC GPO. It's still enabled on the member servers. But if this was GPO wouldn't it affect all member servers and to both of the NT4.0 domains? Lastly, any group or user from that NT4.0 domain gets translated. The net effect is that we're not able to use the group membership to logon as local admin. Any ideas? Thanks, Mike ******************* PLEASE NOTE ******************* This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
