R
rlinhard
I have following scenario:
three fileservers for example server01, server02,server03.
Each server has the same sharename "myshare".
Furthermore I use DFS for virtualisation and FRS to
synchronise/replicate these shares called "myshare" on all three
servers.
No problem so far, but now it's getting more interesting:
To access the share's I need two things:
- a domain group called "mydomain-sld"
- two local system-accounts "system1" and "system2" on each server.
They have absolutely different SID's on each server!
So, in my design I use a local group "localgroup-sld" on each server
and put the two system accounts and the domain-group "mydomain-sld" in
it and set the NTFS-permission of the share via the local group
"localgroup-sld". I don't use the share-permission (everyone - full
access), just the NTFS-permission in background.
Now, and that's my problem with FRS:
I always have access-problems when mapping the share as network drive.
In the security descriptor I see an unresolved SID into name.
I assume, that FRS will also replicate the ACL's of the "link target's"
in DFS of the shared folter itself. In my mentioned scenario it isn't
nesseccary to replicate also the ACL's - just replicating the content
of the folders/files/directories below.
Any idea how to solve this problem?
PS: How can I determine to a local group name the corresponding SID and
vice versa?
three fileservers for example server01, server02,server03.
Each server has the same sharename "myshare".
Furthermore I use DFS for virtualisation and FRS to
synchronise/replicate these shares called "myshare" on all three
servers.
No problem so far, but now it's getting more interesting:
To access the share's I need two things:
- a domain group called "mydomain-sld"
- two local system-accounts "system1" and "system2" on each server.
They have absolutely different SID's on each server!
So, in my design I use a local group "localgroup-sld" on each server
and put the two system accounts and the domain-group "mydomain-sld" in
it and set the NTFS-permission of the share via the local group
"localgroup-sld". I don't use the share-permission (everyone - full
access), just the NTFS-permission in background.
Now, and that's my problem with FRS:
I always have access-problems when mapping the share as network drive.
In the security descriptor I see an unresolved SID into name.
I assume, that FRS will also replicate the ACL's of the "link target's"
in DFS of the shared folter itself. In my mentioned scenario it isn't
nesseccary to replicate also the ACL's - just replicating the content
of the folders/files/directories below.
Any idea how to solve this problem?
PS: How can I determine to a local group name the corresponding SID and
vice versa?