Cannot map drives across AD domains to DC's

[Garry McMinds]

For business reasons, our office has two Win 2000 AD domains. The
problem: we can no longer map drives or NET USE from machines on DomainA
to the DC's of DomainB. We are using DomainB\userid credentials. We can
map drives to member servers and worksttns on DomainB. And we can map
from DomainB to any system on DomainA (using DomainA credentials). And
we can map from DomainB to DC's on DomainB. Previously, we could map
from DomainA to DomainB DC's. Also, one machine that was recently
removed and then re-joined to DomainB cannot map drives to or even
browse the shares of the DC's of DomainB, even when logged in with an
adminstrator account. None of the attempts to map drives show up in
event viewer on either DC. All of the other machines of DomainB can map
and browse the DC's. Does this ring a bell with anyone? I've looked at
GP and log on locally to domain controller contains both admins and
domain users.

A NET USE command yields "System error 5 has ocurred. Access denied"

Ideas appreciated. TIA
Garry

 

[Kevin Bowersock]

Check your Default domain controllers policy for the following rights: (
these are the defaults, you may have others as well)

Access this computer from the network
=====================================
3 account(s) with the SeNetworkLogonRight user right:
BUILTIN\Administrators
NT AUTHORITY\Authenticated Users
\Everyone
All accounts enumerated


Bypass Traverse Checking
========================
1 account(s) with the SeChangeNotifyPrivilege user right:
\Everyone
All accounts enumerated
Enable computer and user accounts to be trusted for delegation
==============================================================
1 account(s) with the SeEnableDelegationPrivilege user right:
BUILTIN\Administrators
All accounts enumerated

Manage auditing and security log
================================
1 account(s) with the SeSecurityPrivilege user right:
BUILTIN\Administrators
All accounts enumerated

(e-mail address removed)

This posting is provided "AS IS"
with no warranties, and confers no rights
--------------------
From: Garry McMinds <[email protected]>
Subject: Cannot map drives across AD domains to DC's
Date: Mon, 17 May 2004 09:25:44 -0400
Message-ID: <[email protected]>
Organization: Waratah
X-Newsreader: MicroPlanet Gravity v2.60
Newsgroups: microsoft.public.win2000.file_system
NNTP-Posting-Host: durham-17-162.biz.dsl.gtei.net 4.3.17.162
Lines: 1
Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12
.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.file_system:19932
X-Tomcat-NG: microsoft.public.win2000.file_system


For business reasons, our office has two Win 2000 AD domains. The
problem: we can no longer map drives or NET USE from machines on DomainA
to the DC's of DomainB. We are using DomainB\userid credentials. We can
map drives to member servers and worksttns on DomainB. And we can map
from DomainB to any system on DomainA (using DomainA credentials). And
we can map from DomainB to DC's on DomainB. Previously, we could map
from DomainA to DomainB DC's. Also, one machine that was recently
removed and then re-joined to DomainB cannot map drives to or even
browse the shares of the DC's of DomainB, even when logged in with an
adminstrator account. None of the attempts to map drives show up in
event viewer on either DC. All of the other machines of DomainB can map
and browse the DC's. Does this ring a bell with anyone? I've looked at
GP and log on locally to domain controller contains both admins and
domain users.

A NET USE command yields "System error 5 has ocurred. Access denied"

Ideas appreciated. TIA
Garry

 

[Garry McMinds]

Thank you very much for your reply. I checked those rights in the GP
snap-in, the Groups were listed as you indicated. While in there, I
opened up he auditing policy to show both successful and failed login
attempts in the event log. The only event's that are listing are
replications , the logon attempts from across the domain are not
registering. Very odd. Any other ideas? Thanks again
Garry