Q

Global Group users are grayed out and can't access intranet

I have recently completed the migration of users from a mixture of NT and Novell Directory Services (NDS) to Active Directory (AD). It has been reported that some users are being prompted for authentication when attempting to access intranet resources. On investigating the migrated Global Groups, which govern access to the intranet resources, it has been found that all the users are displayed as grayed-out users -- these user accounts are active/enabled and being used to log into the Win2k domain. Any ideas?
This may be a ramification of the migration. When moving to AD, depending on what tool you used, the resulting groups and users have SIDHistory Attributes added. This means that the old NT SID is actually attached to the group or users as another group or user membership. When you examine the group or user in an Access Control List (ACL), like on a file, you will see the name of the Windows 2000 group -- but it really may be the NT 4.0 SID that is in the group. Post-migration, you need to ensure that all group memberships and ACLs are cleaned up and reference the appropriate user account. Then, using ADSI Edit, you can search for the SIDHistory attribute in the user/group objects and remove it. The deployment guide from the resource kit and the Microsoft Training Kit for the Migration Text (I believe it is 70-222) also has this information.
This was first published in July 2003

Dig deeper on Microsoft Active Directory Migration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close