"FP Frustrated"
<(E-Mail Removed)> wrote in
news:A4E9C887-14C2-4B9B-AFF0-(E-Mail Removed):
> Does Windows 2003 AD trust a Windows NT/2000 Workgroup with the Same
> name as the Domain?
>
> I have 4 networks. 1 Windows 2003 AD Domain, and 3 Workgroup
> Subnetworks. Two users came from a subnetwork to the W2k3 AD Domain,
> and authenticated. Left and went back to their own Workgroup Server,
> and now cannot see/connect to shares on the workgroup server or a
> printer share on a workstation.
>
> Before the W2K3 AD Domain was a Windows NT 4.0 Domain.
>
Hi there --
No, you can't configure AD to trust workgroups. AD forests can be
configured to trust forests and AD domains can be configured to trust other
domains.
Keep in mind that in a workgroup, the user is only logging onto the
machine, where the user has a user account -- on that machine only. To
allow the user to log on to other machines in the workgroup, you have to
create a user account on each machine for the user.
With AD, you create a user account and the user can log on to any domain
resource (such as other computers) with the credentials for that user
account. The user can access shares on other computers for which the user
has been granted explicit access, too, without having a user account on the
computer where the share is created.
To troubleshoot the problem you are having you must know where the users
have accounts (in the domain AND on computers in their workgroups) and
whether they are entering their credentials properly.
Also keep in mind that depending on how things are configured, a user can
log on to a domain from a computer that is not a domain member as long as
there is a network path from the computer to the DC. So your users might be
logging onto the domain (instead of to the local computer in the workgroup)
with the AD user account, then attempting to access local resources for
which they do not have permission with the AD user account -- only the user
account on their local machine has permission to access the resources.
Even if you use the same user name and password for the account in AD and
the account configured in the Security Accounts Manager (SAM) database on
each individual workgroup machine, the accounts are all different and
cannot be used interchangeably.
There are quite a few solutions to this problem, but a simple one is to
make sure that when users are in their workgroup, they log on to the local
machine only.
Another solution might be to assign permissions to workgroup resources to
their user account in AD -- using the syntax DOMAIN\username for the share.
You will need to experiment to see what works best for your setup.
FA
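
A diagnostic sketch for the point made in the reply above, added here as an example and not part of the original post: it resolves the same user name against the local SAM and against the domain, then reports which of the two accounts the current session is using. The domain name EXAMPLEDOM and the user name jsmith are placeholders.

```powershell
# Added example. 'EXAMPLEDOM' and 'jsmith' at the bottom are placeholders
# (assumptions), not values taken from the thread.

function Resolve-AccountSid {
    param([string]$Authority, [string]$UserName)
    try {
        # Authority is either the computer name (local SAM) or the domain name.
        $acct = New-Object System.Security.Principal.NTAccount($Authority, $UserName)
        $acct.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        $null   # account not found there, or the authority could not be reached
    }
}

function Compare-LocalAndDomainAccount {
    param([string]$Domain, [string]$UserName)

    $localSid  = Resolve-AccountSid $env:COMPUTERNAME $UserName
    $domainSid = Resolve-AccountSid $Domain $UserName
    $current   = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    New-Object PSObject -Property @{
        LocalAccountSid  = "$localSid"          # empty if no local account exists
        DomainAccountSid = "$domainSid"         # empty if no domain account exists
        LoggedOnAs       = $current.Name        # COMPUTER\user or DOMAIN\user
        LoggedOnSid      = $current.User.Value
        # True only when the session token belongs to the local SAM account.
        SessionIsLocal   = ($null -ne $localSid -and $current.User -eq $localSid)
        # Same name and password still gives two SIDs, so this stays False.
        SameAccount      = ($null -ne $localSid -and $localSid -eq $domainSid)
    }
}

Compare-LocalAndDomainAccount -Domain 'EXAMPLEDOM' -UserName 'jsmith' | Format-List
```

Permissions on a share are granted to a SID, so the account whose SID appears in LoggedOnSid is the one that must be listed on the workgroup share.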