Problem with creating Foreign Security Principals Objects

Guest

Hi Everybody!

I have seven w2k domains in native mode: three domains in the main forest (the root (MD) domain and two subdomains (SMD1.MD & SMD2.MD)) and four domains in external forests (one domain in each forest: ED1, ED2, ED3, ED4).
I have established two-way external trusts between the root domain in each forest and the main forest (MD<->ED1, MD<->ED2, MD<->ED3, MD<->ED3, MD<->ED4). I have also established two-way external trusts between the subdomains in the main forest and some external domains (SMD1<->ED1, SMD1<->ED2, SMD2<->ED1, SMD2<->ED2). It all worked very well until last week!!!

Last week, when I tried to add users from domain SMD2 to a local domain group in domain ED1, the users were added, but when I reopened the local group to check membership I saw the following message: “Some of the object names cannot be shown in their user-friendly form. This can happen if the object is from an external domain and that domain is not available to translate the object’s name”, and in the members list I see “CN=S-1-5-21-1220945662-1635523078-1801674531-2337,CN=ForeignSecurityPrincipals,DC=ED1”. When I look at the attributes of this FSP object in ADSIedit.msc and compare it with other objects in the ForeignSecurityPrincipals container, I see that many attributes of this object are not set! Also, the added users (from SMD2) do not get the rights and permissions granted to the local domain group (in ED1)!
But when I try to add users from another domain in the main forest (from MD or SMD1) to a local domain group, all works fine. This problem repeats after recreating the trusts, and in any combination of domain SMD2 with any external domain (ED1, ED2, ED3, ED4)!
I think that the problem is in domain SMD2 and in the creation of wrong FSP objects, but I don’t know how to solve it!
All domain controllers have SP3 and the latest security fixes (the version of NTDSA.DLL is 5.0.2195.6697).
Please HELP!!!


Thanks in advance for your reply.
 
