Question : Disable SID Filtering in a Windows 2000 domain

I'm staging an environment for a migration. The source domain is Windows 2000 and the target domain is Windows 2003. I've used Quest Migration Manager for AD to bring the users/groups/contacts over.

After the users and computers have been migrated, the users can no longer access resources in the source domain. I ran Mytoken and it looks like the users only have 1 token, which led me to believe SIDfiltering is enabled on the 2000 domain.

An article I've read says running this command:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name /FilterSIDs:no
/UserD:user /PasswordD:password /UserO:user /PasswordO:password

will disable sidfiltering, but NETDOM HELP TRUST shows that /FilterSIDs is not even an option.

How can I disable SIDFiltering in the 2k domain and verify that its' been disabled?

Regards,

fedsig

Answer : Disable SID Filtering in a Windows 2000 domain

I figured it out. We had 1 DC at SP4 and one DC at SP3. The problem was the newer version of the support tools has the netdom command that has the /filtersids switch.

The resolution was to install SP4 on all DCs, uninstall the currently installed support tools and install the newest version.

Thanks for your help anyhow.

Random Solutions

Using one keyboard and mouse with two computers at the same time

Public to Private IP - DNS Changes

Is there a way to find when a group membership was added or removed in AD.

Need help with regex mail checking

How to Auto Fill cells with a formula

best practice for cross-database SPs

VBScript: Need to only output the required result, without the junk.

Transferring FSMO roles to windows 2008 server

How can I reduce the execution time of my SQL Server 2005 Stored procedure?

How do I manage connection to MySql db from VB.NET ?