Very strange situation - Migrated ressources still accessible from groups in old domain ?

This is a multi-part message in MIME format.

------=mesnews_0_0702102221
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable

Hello,

(first, sorry if I make mistakes but I am not fluent ;-))
we have a strange behaviour and I dont understand why.

Here is the situation : 

1. We have an old NT4 domain named MSNT and we have migrated (long time ago) user accounts; security groups and computers from MSNT to our AD named MSAD.
The old MSNT domain is still existing and actually when we create an account, we first create it on MSNT and they we are migrating it to MSAD.

Ok for everybody ? :)

Now the strange behaviour ...

2. Our shares are on a NAS (CIFS) and are configured with this : Read/Write for MSAD\UsersCCP.
UsersCCP is an MSAD group previously migrated from MSNT.

3. If a migrated user is not a member of MSAD\UsersCCP BUT is a member of MSNT\UsersCCP group he will be able to access the share !!!

Is it normal ? 
I really dont understand as the ACL are configured for the MSAD group but no more the MSNT group !

thank you

-- 
iautran


------=mesnews_0_0702102221
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Dwindows-1252" http-equiv=3DContent-Type>
<META name=3DGENERATOR content=3D"MSHTML 8.00.7600.16588"></HEAD>
<BODY><CR>
<DIV>Hello,</DIV>
<DIV>&nbsp;</DIV>
<DIV>(first, sorry if I make mistakes but I am not fluent ;-))</DIV>
<DIV>we have a strange behaviour and I dont understand why.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Here is the situation : </DIV>
<DIV>&nbsp;</DIV>
<DIV>1. We have an old NT4 domain named MSNT and we have migrated (long time 
ago) user accounts; security groups and computers from MSNT to our AD named 
MSAD.</DIV>
<DIV></DIV>
<DIV>The old MSNT domain is still existing and actually when we create an 
account, we first create it on MSNT and they we are migrating it to MSAD.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Ok for everybody ? :)</DIV>
<DIV>&nbsp;</DIV>
<DIV>Now the strange behaviour ...</DIV>
<DIV>&nbsp;</DIV>
<DIV>2. Our shares are on a NAS (CIFS) and are configured with this : Read/Write 
for <STRONG><U>MSAD\UsersCCP</U></STRONG>.</DIV>
<DIV>UsersCCP is an MSAD group previously migrated from MSNT.</DIV>
<DIV>&nbsp;</DIV>
<DIV>3. If a migrated user is not a member of MSAD\UsersCCP <U>BUT is a member 
of MSNT\UsersCCP</U> group he will be able to access the share !!!</DIV>
<DIV>&nbsp;</DIV>
<DIV>Is it normal ? </DIV>
<DIV>I really dont understand as the ACL are configured for the MSAD group but 
no more the MSNT group !</DIV>
<DIV>&nbsp;</DIV>
<DIV>thank you</DIV><PRE id=3D"signature"><CR>
-- 
iautran</PRE></BODY></HTML>


------=mesnews_0_0702102221--

0
iautran
7/2/2010 8:21:21 PM
windows.server.active_director 902 articles. 0 followers. Follow

0 Replies
810 Views

Similar Articles

[PageSpeed] 55

Reply:

Similar Artilces:

Error accessing the OLE registry.
When using the Wizard to create a chart from a table which has 3 fields after selecting all 3 fields and choosing the default chart type I get the message :- Chart Wizard Automation error Error accessing the OLE registry. If I then continue I get an overflow error message when clicking the Finish button and am forced to use the Cancel button to close the wizard. Can anyone suggest what the problem might be, and is it anything to do with having Access 2003 installed as part of Office 2003 Pro? Viv ...

MFC .exe gets access violation exception in release version but not debug
Hello, thanks for trying to help. I have an MFC .exe that gets an access violation (C0000005) exception in the release version but not the debug version. So I don't know what line of code causes it. But why should they act differently in this way at all? The exception occurs when a tab on a property sheet is being clicked. The only output in the debug screen when the tab is being clicked is "Warning: skipping non-radio button in group." Would that cause it? Does tab order determine groups along with the tab stop property? What are reasons why MFC code would get an access ...

Email User has old data in it
This is a very odd incident. We have a user that when their name shows up in Outlook, they have another user's name in parentheses beside their name. The other user is someone who was here temporarily over 5 years ago. I have looked in Active Directory using ADSI and advanced view of all properties of this user account and cannot see why this old additional data is showing up. It also shows up in the backup selections in Veritas for Exchange. This must be some corruption when the system was migrated from NT 4.0 to 2000 or from Exchange 5.5 to 2000 years ago? Does anyone know wh...

Expand/Collapse Grouped Data in Protected Worksheet
I've created a worksheet that will be distributed to 300+ users in an investment group. It contains formulas and computations in cells that could easily be overwritten by spreadsheet novices, so I've protected the worksheet so users can only edit the cells they need to for the sheet to return the info they need. The problem is: after protecting the worksheet, Excel won't allow the user to expand or collapse grouped rows that list detailed information on each step of the calculations. This is inconvenient because I'd like to give the users the ability to expand the spr...

Strange Output
Hello, everybody !!! Why this fragment of code shows : ac cout<<"a\??/??/bc"; Thanks All !!! "Alex Dmitriev" <firejump@mail.ru> wrote in message news:ecTgPp8pEHA.3800@TK2MSFTNGP14.phx.gbl... > Hello, everybody !!! > Why this fragment of code shows : ac > > cout<<"a\??/??/bc"; http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vccelng4/html/elconTrigraphs.asp '??/' is a '\' so you end up with "a\\\bc" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vccelng4/html/elc...

Local user to Local Group: You do not have permission to send to this recipient
I have Exchange 2003 and Outlook 2007 clients. All my domain users are in DomainUsers group. Everybody could send mails to DomainUsers, except one users with the following error: Your message did not reach some or all of the intended recipients. Subject: MySubjectTest Sent: 10/1/2007 10:30 The following recipient(s) cannot be reached: DomainUsers on 10/1/2007 10:27 You do not have permission to send to this recipient. For assistance, contact your system administrator. <exchange.domain.com #5.7.1> Any thoughts? Thanks in advance. no b...

Why my contents written to a file which is opened in binary is still a text
Hello, I am facing a problem in writing my contents into a file in binary mode. There is no exception or no error. Can any one help me why the following code not able to write contents in binary format to a file ? if (fp.Open("test.dat",CFile::modeCreate | CFile::modeReadWrite | CFile::typeBinary | CFile::shareDenyNone)==NULL) return FALSE; else { char buff[20]; strcpy(buff,"hello world"); fp.Write(buff,strlen(buff)); } fp.Close(); I used both CFile and CStdioFile but even them i did not get success. When i open the file i still see my contents in ...

Why is Access 97 so much faster than VB6 when searching?
Details: Access 97 mdb, 1.7 million records. I'm searching a text field (indexed) for a given phrase. Access 97 takes 15 secs to execute: SELECT Data.DX_MsgNum, Data.DX_Subject, Data.DX_Date FROM Data WHERE (((Data.DX_Subject) Like "*ford prefect*")); However, in VB6 I have: Dim Conn As ADODB.Connection Dim rs As ADODB.Recordset Dim SQL as String Dim s as String s = "ford prefect" SQL = "SELECT DX_MsgNum, DX_Lines, DX_Date, " _ & "DX_Subject, DX_From FROM Data Where " _ & "DX_Subject like '%" ...

Excel Object showing strange behavior
Hello, I have a sheet that I created that contains an Excel object (small spreadsheet) that when double clicked, will open up and allow it to be populated. After they populate it, and close it,...the data is automatically reflected in the object on the original sheet. This is shared with everyone and it's working great. BUT.....(always the but) Why have a few people sent the form back to me saying that when they double click the object it opens up a "Format Object" dialogue box rather than the editable sheet that it was supposed to do? They sent it back to me and sure enough...

Exchange Permissions--Strange One
Hi by default, domain admins (and ent. admins) are denied "receive as" and "send as" permissions to the mailbox store. additionally, by default, on the exchange advanced tab under the mailbox rights button, domain admins are DENIED Full Mailbox Access. However, if you look at the security tab for each user object, by default domain admins are allowed "send as" and "receive as" permissions. now i know that the "receive as" right is ignored on the ad user object, but i ran a small test. i logged on as a domain admin, opened up the domain admin...

Natural code, Output Code and Domains fields
hi all, I'm about to use crystal report to handle the natural code, output code and domains but I don't know wich table contains these fields. Any help would be welcome. Thanks Alain ...

Replying to old threads
It looks like this newsgroup has won a new sheriff who's trying to establish new rules. In my opinion, there's nothing wrong with the reactivation of an old thread. -- Best regards Michael Bauer - MVP Outlook : Outlook Categories? Category Manager Is Your Tool : VBOffice Reporter for Data Analysis & Reporting : <http://www.vboffice.net/product.html?pub=6&lang=en> Michael Bauer wrote: > It looks like this newsgroup has won a new sheriff who's trying to > establish new rules. In my opinion, there's nothing wrong with the > r...

Access 2007 Runtime Error 3075
I'm really confused. I have two databases which use similar code to build a select statement. One has been working (DB1), the other has not(DB2). As I was debugging DB2, I brought up DB1 to compare the VB code. Suddenly DB1 started showing the same error. I tried DB1 on another computer and it still works fine there. The database resides on a network server so I am testing the same code. The error message is : Run-time error 3075 Syntax error in date in query expression '[SR Number]='09-0035' AND [Date] BETWEEN #_/_/_# AND #_/_/_'. The code looks lik...

Print multiple mailing labels in Access 2003 or 2007
From: "Patrick Sewell" <ptsewell@monte.k12.co.us> Subject: Print multiple mailing labels in Access 2003 or 2007 Date: Wednesday, November 28, 2007 3:45 PM I have come across the following KB from Microsoft that has helped me to print a fixed number of copies of the labels that I wish to print. This works pretty well. http://support.microsoft.com/kb/299024 However, I would like to include a field in my table for the number of copies I want of each label. For example, if each record in my table contains the information for a given label, one field in that record should cont...

Distribution Group Company
How can I set the company name on distribution groups in Exchange 2003? In 5.5 I would export the DLs add the company and then import them. I use the company field to create an Address List that only contains recipients/distribution groups for my company. Please help! Thanks. Can do the same with LDIFDE, use ADModify.NET, or script it. -- Bharat Suneja MVP - Exchange www.zenprise.com NEW blog location: www.exchangepedia.com/blog ---------------------------------------------- "Mike" <mbaith@yahoo.com> wrote in message news:%233DGnMtfGHA.1260@TK2MSFTNGP05.phx.gbl... >...

Strange Email failure error
Can anyone help? Using Outlook 2002 and POP3 mail. I've always been able to send emails to my wife's work email address until this week, when I get this very strange failure notice. "Connected to 213.2.49.230 but greeting failed. Remote host said: 421 reppsrv01.repp.co.uk is not accepting new connections. Please try later I'm not going to try again; this message has been in the queue too long." Does anyone know what the hell this means? thanks -- Google is your Friend Email address deliberately false to avoid spam: gordonATgbpcomputingDOTcoDOTuk www.gbpcomputin...

Exch2k3: SMTP access by Admin
Hi, What is wrong? I can't sending mail thru SMTP server by Administrator! I use Outlook Express. Admin's account read mail fine, but can't send! Checkbox "My server req auth" on Admin's account propery page is checked, but when I try connect to SMTP server - Logon window can't accept right Admin's password. Another account (simple domain user) with same settings work fine - recieve and send mail. Why SMTP server (Win 2003 SP1+ Exch2003 SP1) can't accept Admin's password? Thanx. ~~~~~~~~~~~~~~~~~~ Best regards, Sergey Hi Ser...

Using Windows Media Player activex control in an MS Access form
I have added a Windows Media Player activex control in an MS Access form and I want to play a video file when I click on an command button. The file to be played is that of the content of a field on that form. For example, if field A contains the text c:\test video1.iso and I click the command button, then play video c:\test video1.iso. If this value changes to another vodeo file name, then play that file. I can't find how to set the URL of the windows media activex control to read a field on a form. Is there a way to do this? Thanks in advance. ...

OWA access still points to Exch 2000 version
I'm doing an Exchange 2003 upgrade to a new server, currently both servers are up running until I complete the mailbox moves. Whenever a user brings up OWA it still brings up the old 2000 version, even if I put in the address of the Exch2003 server. What triggers this? Is the rule that it will use the server in which the mailbox resides? I tried to bring up OWA for a user that was moved to Exch2003 and could not get in from a public interface but did on the LAN side. Just trying to get the theory behind what triggers OWA. For public access you will need to update your Firewall/Ro...

MFC program that uses an Access database...
I have an MFC program that integrates with an Access database. Can I build the C++ code and the .mdb file into one .exe? Or will the .exe file have to know the path to the .mdb file and the program have two files? Thanks, RABMissouri "RAB" <rabmissouri@yahoo.com> wrote in message news:1132458327.602782.237950@g49g2000cwa.googlegroups.com... >I have an MFC program that integrates with an Access database. Can I > build the C++ code and the .mdb file into one .exe? Or will the .exe > file have to know the path to the .mdb file and the program have two > files? ...

OMA ACCESS
Dear Friends, I set up the global options all enabled, I do everything by the book, just one servere doing the exchange job on username user@domain.com (for just username it will never go through) and password it either does not login or gives me the message. Any ideas? Server Error in '/OMA' Application. ----------------------------------------------------------- --------------------- Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify yo...

Permission for one user to access all mailboxes
Hi Using Exchange Server 2003 SP1 in Windows 2003 domain. How do I give one particular user - not a domain administrator, access to all users mailboxes, especially their calendars to insert and delete appointments. This user does not have a mailbox. This account is used by an HR application to update their calendars with leave information. Thanks Rajia Grant the account Send As and Receive As permissions on the mailbox store(s). -- Bharat Suneja MCSE, MCT www.zenprise.com blog: www.suneja.com/blog ----------------------------------- "Raji A" <rajia@envbopdotgovtdot....

email-still-sending
can-ne1-help-me-i-sent-an-email-to-a-mate-of-mine-3-days- ago-ever-scince-it-still-says-sending-email-and-i-cant- read-my-new-emails-or-send-new-ones-also-every-time-i- press-spacebar-it-puts-me-on-my-homepage "Russ" <anonymous@discussions.microsoft.com> wrote in message news:593701c47495$d45cd7e0$a601280a@phx.gbl... > can-ne1-help-me-i-sent-an-email-to-a-mate-of-mine-3-days- > ago-ever-scince-it-still-says-sending-email-and-i-cant- > read-my-new-emails-or-send-new-ones-also-every-time-i- > press-spacebar-it-puts-me-on-my-homepage You might try writing in a normal...

ms access will not open ...
i just reinstalled office 2003 suite .. i tryed to open a database for access and it gives me a windows installer box but never opens the program ever please help thks all other office suite program sopen just fine, but NOT access If you don't have the "Professional" version of Office, it doesn't have Access as a part of the suite. "mph721" wrote: > i just reinstalled office 2003 suite .. i tryed to open a database for > access and it gives me a windows installer box but never opens the program > ever please help > > thks >...

Security for an ADP; what is Access part? What is SQL server's part.
I have an ADP (Access forms, etc with SQL Server backend) How would I implement security for end users? Do I set up in Access? Then how does access talk to SQL Server? Do I set up user accounts in SQL Server? To I configure both? Isn't their an application role in SQL Server? I need a general framework to start with. Any advice or links would be appreciated. Mike I generally use integrated Windows security with SQL-Server, then create an Access ADE (or more often an MDE) for the Access Front-end. You don't need to login, but you do need to be in a group with permissions to ...