Question : Disable SID Filtering in a Windows 2000 domain

I'm staging an environment for a migration. The source domain is Windows 2000 and the target domain is Windows 2003. I've used Quest Migration Manager for AD to bring the users/groups/contacts over.

After the users and computers have been migrated, the users can no longer access resources in the source domain. I ran Mytoken and it looks like the users only have 1 token, which led me to believe SIDfiltering is enabled on the 2000 domain.

An article I've read says running this command:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name /FilterSIDs:no
/UserD:user /PasswordD:password /UserO:user /PasswordO:password

will disable sidfiltering, but NETDOM HELP TRUST shows that /FilterSIDs is not even an option.

How can I disable SIDFiltering in the 2k domain and verify that its' been disabled?

Regards,

fedsig

Answer : Disable SID Filtering in a Windows 2000 domain

I figured it out. We had 1 DC at SP4 and one DC at SP3. The problem was the newer version of the support tools has the netdom command that has the /filtersids switch.

The resolution was to install SP4 on all DCs, uninstall the currently installed support tools and install the newest version.

Thanks for your help anyhow.

Random Solutions

How do I write a batch that will open an Explorer window to a particular folder?

mssql: I would like to have this where clause modified to search for all records or if beginDate & endDate specfified then search between dates

Best method for automated use of Defrag, chkdsk, Disk cleanup, etc.

Dropdown with links

Free PHP testing and debugging environment

TSQL last 30 dates in Ascending order?

How do I perform Proximity Search using the database provided by IPINFODB

Sorting / Filtering XML Using XSL

In Latex, how do I start a remark on a fresh line?