migrate or consolidate, which would be best

[UNCC92]

I have an NT 4.0 domain that I need to migrate to an existing Windows
2000 native mode domain.

If I were to upgrade the PDC in the NT 4.0 domain to Windows 2000 and
make the NT 4.0 domain a child of my native mode domain, would it be
easier for me to migrate/consolidate that way?


Here is my problem, in my source domain (NT 4.0) we have some rights
that explicitly tied to the global domain users group (why they didn't
use the local users group is beyond me). Well when we migrate a user
(using NetIQ's DMA tool, we do select SIDHistory). Once the user is
migrated (actually cloned in our case)they can access resources in the
NT 4.0 domain fine except those shares that grant rights to the global
domain users group (apparently someone tried replacing the group
'Everyone' with the 'domain users group'. Anyhow when the user logs
in using their new AD user account and tries to access a share that
grants rights to the 'domain users' group, they get an 'access
denied'. If they logon using their NT 4.0 account they get to the
share fine.

Would upgrading the NT 4.0 domain to a mixed mode domain help relieve
the problem with built-in groups being granted rights.

Thanks,

GW

 

[Brian Desmond [MVP]]

Hi,

I'd recommend collapsing the domain into the existing tree. You can setup a
trust until permissions are migrated and put your Ad users in the NT sec
group.

--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com