Question : Disable SID Filtering in a Windows 2000 domain

I'm staging an environment for a migration.  The source domain is Windows 2000 and the target domain is Windows 2003.  I've used Quest Migration Manager for AD to bring the users/groups/contacts over.

After the users and computers have been migrated, the users can no longer access resources in the source domain.  I ran Mytoken and it looks like the users only have 1 token, which led me to believe SIDfiltering is enabled on the 2000 domain.

An article I've read says running this command:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name /FilterSIDs:no
/UserD:user /PasswordD:password /UserO:user /PasswordO:password

will disable sidfiltering, but NETDOM HELP TRUST shows that /FilterSIDs is not even an option.

How can I disable SIDFiltering in the 2k domain and verify that its' been disabled?

Regards,

fedsig

Answer : Disable SID Filtering in a Windows 2000 domain

I figured it out.  We had 1 DC at SP4 and one DC at SP3.  The problem was the newer version of the support tools has the netdom command that has the /filtersids switch.  

The resolution was to install SP4 on all DCs, uninstall the currently installed support tools and install the newest version.  

Thanks for your help anyhow.
Random Solutions  
 
programming4us programming4us