By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
I have a most difficult situation for which I have been searching for a solution for several months. Ever since I implemented AD on my domain, local machines cannot access each other's shares nor can their administrative ($) shares be accessed over the network. It doesn't matter if I attempt to access the share as a domain admin or as local machine admin, both of which can log into the machine locally with full rights. As soon as I move away from the local machine and attempt the access from either neighborhood browser or the command line, access is denied.
If the AD implementation was an in-place upgrade of the DC's from NT 4.0, you may have a serious problem. The problem would be that the FQDN for the DC does not match the FQDN of the domain. For example the DC's name might be MyDC.Company.com. But, you named the AD domain MyCompany.com. So, when the DC attempts to locate and register itself in DNS it has conflicting entries. This can cause the DC to look like it is operating, but in reality any attempt to use AD services – like authentication result in rather odd issues. If that is NOT the case, I would make sure that if you have multiple DCs you run DCDiag on them all to make sure that replication and information sharing between the DC's is consistent.