Security groups in Active directory not applying after de promoting a domain controller

S

Simon

Hi,

We had two domain controllers with Windows 2000 server. We decided to
de promote one by using dcpromo. This process worked fine, how ever
when we create a group in active directory. If we create a new group
in active directory and add members to that group. When accessing a
folder with that group in the permissions we get the error: Access
Denied.

However if we were to add the user, it works fine!!

I'm assuming this is to do with the de promoting of a server, however
we've not added a group for a while so it may be caused by something
else.

Any help would great!!!

Simon
 
A

Andrei Ungureanu

hhmmm.... Have you tried to log on and off the user after you have modified
the group membership??
 
S

Simon

Yeah, we've done that. Its been like it for a couple of days. So we've
given it time to update the settings. We've even restarted our other
domain controller to see that would have effect. Nothing!!!
 
C

Cary Shultz [A.D. MVP]

Simon,

Are you having any replication issues? Have you looked at repadmin
/showconn and repadmin /showreps as well as replmon? How about dcdiag /c /v
and netdiag /v? All these tools are from the Support Tools that you can get
from the WIN2000 Service Pack CD or from the microsoft web site.

HTH,

Cary
 
S

Simon

Ok,

We may be getting somewhere. When I ran repadmin /showreps I got the following:

==== INBOUND NEIGHBORS ======================================

CN=Schema,CN=Configuration,DC=its,DC=co,DC=uk
Default-First-Site-Name\ITS_SQL1 (deleted DSA) via RPC
objectGuid: 669b0b10-8a62-4771-a394-ea8085d0a257

CN=Configuration,DC=its,DC=co,DC=uk
Default-First-Site-Name\ITS_SQL1 (deleted DSA) via RPC
objectGuid: 669b0b10-8a62-4771-a394-ea8085d0a257

DC=its,DC=co,DC=uk
Default-First-Site-Name\ITS_SQL1 (deleted DSA) via RPC
objectGuid: 669b0b10-8a62-4771-a394-ea8085d0a257

This seems to be referring to the old server?? Is this ok? How do we get rid of it?
 
S

Simon

Thanks for the replys, i've been away on holiday.

The problem seems to of sorted its self out. Typical Microsoft!!!

Thanks anyay for your time and assistance
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

promoting additional domain controller 1
Recreating domain controller 4
relation betwwen domain and domain controller 2
Windows 2000 Domain Controller 2
Event 1168 promoting domain controller in child domain 1
Report in Active Directory 6
Active Directory wont see domain controller 2
Can not add second DC to active directory domain 3

Top