Very strange situation - Migrated ressources still accessible from groups in old domain ?

This is a multi-part message in MIME format.

------=mesnews_0_0702102221
Content-Type: text/plain; charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable

Hello,

(first, sorry if I make mistakes but I am not fluent ;-))
we have a strange behaviour and I dont understand why.

Here is the situation : 

1. We have an old NT4 domain named MSNT and we have migrated (long time ago) user accounts; security groups and computers from MSNT to our AD named MSAD.
The old MSNT domain is still existing and actually when we create an account, we first create it on MSNT and they we are migrating it to MSAD.

Ok for everybody ? :)

Now the strange behaviour ...

2. Our shares are on a NAS (CIFS) and are configured with this : Read/Write for MSAD\UsersCCP.
UsersCCP is an MSAD group previously migrated from MSNT.

3. If a migrated user is not a member of MSAD\UsersCCP BUT is a member of MSNT\UsersCCP group he will be able to access the share !!!

Is it normal ? 
I really dont understand as the ACL are configured for the MSAD group but no more the MSNT group !

thank you

-- 
iautran


------=mesnews_0_0702102221
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Dwindows-1252" http-equiv=3DContent-Type>
<META name=3DGENERATOR content=3D"MSHTML 8.00.7600.16588"></HEAD>
<BODY><CR>
<DIV>Hello,</DIV>
<DIV>&nbsp;</DIV>
<DIV>(first, sorry if I make mistakes but I am not fluent ;-))</DIV>
<DIV>we have a strange behaviour and I dont understand why.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Here is the situation : </DIV>
<DIV>&nbsp;</DIV>
<DIV>1. We have an old NT4 domain named MSNT and we have migrated (long time 
ago) user accounts; security groups and computers from MSNT to our AD named 
MSAD.</DIV>
<DIV></DIV>
<DIV>The old MSNT domain is still existing and actually when we create an 
account, we first create it on MSNT and they we are migrating it to MSAD.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Ok for everybody ? :)</DIV>
<DIV>&nbsp;</DIV>
<DIV>Now the strange behaviour ...</DIV>
<DIV>&nbsp;</DIV>
<DIV>2. Our shares are on a NAS (CIFS) and are configured with this : Read/Write 
for <STRONG><U>MSAD\UsersCCP</U></STRONG>.</DIV>
<DIV>UsersCCP is an MSAD group previously migrated from MSNT.</DIV>
<DIV>&nbsp;</DIV>
<DIV>3. If a migrated user is not a member of MSAD\UsersCCP <U>BUT is a member 
of MSNT\UsersCCP</U> group he will be able to access the share !!!</DIV>
<DIV>&nbsp;</DIV>
<DIV>Is it normal ? </DIV>
<DIV>I really dont understand as the ACL are configured for the MSAD group but 
no more the MSNT group !</DIV>
<DIV>&nbsp;</DIV>
<DIV>thank you</DIV><PRE id=3D"signature"><CR>
-- 
iautran</PRE></BODY></HTML>


------=mesnews_0_0702102221--

0
iautran
7/2/2010 8:21:21 PM
windows.server.active_director 902 articles. 0 followers. Follow

0 Replies
1356 Views

Similar Articles

[PageSpeed] 56

Reply:

Similar Artilces:

Domian Local into Domain Admins Group
How do I make a 'Domain Local' security group which contains a Universal group from another domain, a member of the Global 'Domain Admins' group? DL's can't become a member of GG's Cosmo, you can not. Domain global groups can contain only users and global groups from the same domain... If you need to grant Domain Admins equivalent privileges to accounts from other domains, add them to the domain local Administrators group and local Administrators groups on all domain member computers... hth Marcin "Cosmo" <Cosmo@discussions.microso...

Reconfiguring Notebooks after Migration
I recently upgraded from Vista Pro 32 bit to Win 7 Pro 64 bit, and copied my OneNote files to the new configuration from a backup. In the process I lost all the Notebooks, although the Sections are still intact. I'd like to go back to how things were arranged before the upgrade and migration. If I search for *.one I find all the sections, a good number of which have the same name because I try to have one file structure for my notebooks. If I select one to open, it asked if I want to open the Section Only or the whole Notebook. I select the whole Notebook. When I&...

How OMPM Scanner (offscan) Filter by Access/Modified Date ?
Hello, I have problem to inventory excel files on very big file server, but I believe there are so many documents we no longer need to maintain. I want to skip files if the access date or modified date longer than 6 month, but don't see the OMPM providing feature about it. I currently running OMPM since 2 weeks ago and running out of time for reporting to my manager. Please help me, this is my critical assignment. -- Eldi Munggaran ...

Auto Forward mail to a group of External addresses
Can someone please tell me how I create an Auto Forward to a group of external email addresses. I want to setup an auto forward on my exchange so that all mail sent to forward@mydomain.com is then forwarded to a group of email accounts such as me@hotmail.com, me@yahoo.com, user@mail.com. Can someone please tell me how I set this up on an exchange server. I know how to do it for an individual but I can't work out how I create an auto forward for a group of people. Thanks for any advice! what version Exchange? only the terminology is different...create custom recipients/contacts ...

How to create an "and" rule in Query Based Distribution Groups
Hi, With Exchange 2003 Query Based Distribution groups, is it possible to create an "and" rule? ie, all users who are based in "London" "and" have the first name "John"? Thanks, Curtis. -- Please reply to news group only. Thank you. Sure. (&(attribute1=blah)(attribute2=blah)) http://msdn.microsoft.com/library/en-us/adsi/adsi/search_filter_syntax.asp?frame=true -- Bharat Suneja MCSE, MCT www.zenprise.com blog: www.suneja.com/blog ----------------------------------- "Curtis Fray" <xxx@xxx.com> wrote in message news:OjVc...

comdlg32.ocx and Access 2007
I have several Access databases that were originally written using an Access version prior to Access 2007. I am in the process of converting the databases and installing them on new machines running Win7 and Access 2007. Over the years, one of the References I commonly used was comdlg32.ocx. It does not appear that either Win7 or Access 2007 installs that particular Active X file. I can copy it from an older machine, but that seems like a strange solution. Is comdlg32.ocx a "legacy" Active X file and has it been replaced with a newer (and differently named) Activ...

How to install Exchange in an "Administrative Group"
I am running Windows 2003 and Exchange 2003 on a DC in my lab. Exchange is installed in the "First Administrative Group". Now I want to install a second Exchange 2003 Server in another "Administrative Group" called "Midwest". This is what I did: 1. Installed the second Exchange 2003 server in the "First Administrative Group". 2. Created the second "Administrative Group" called "Midwest". 3. Tried to move the second Exchange 2003 server into the "Midwest" Administrative Group. The problem was that I was not able to &q...

Scribe Migrate
I am planning to do a reinstall on our CRM server and have purchased Scribe (didn't come in till JUST now), and was planning to do this over the weekend. I have a test environment and want to try it here before I do this on our production. However this isn't as simple as I thought. I know, I know, read the manual, etc, etc etc. But its near critical that I get this production reinstalled, and I'd rather not work straight through a weekend just to learn this thing. Anways, can anyone give me the basic overview of this? Does this take hours just to create the migration setup? For s...

Error 2455 Closing Access 2007 database with form open
I have a form with a subform that is requeried when you select a new key for the main form from a combo box. Everything works fine - usually. But sometimes if you have the form open when you close the database down you get the following error message (twice) in a pop up. You say OK (twice) and the database closes OK "2455 you entered an expression that has an invalid reference to the property form/report" If I close the form before the database I never get the error. If I do not touch the form before you close the database I don't get the error. If I update a field by t...

Inserting Excel into Access Reports
Office XP Have a great Access application that produces a nice template (headers & footers) report into which I'd like a spreadsheet inserted before going to the printer. In the past, I'd just print the Access reports, then reload them into the inkjet printer and run the Excel spreadsheets as needed. The heat of the new color laserjet turns the paper grey if it runs through too often, so it's time to get the reports printing on one pass. Any suggestions would be welcome. I've of course also got Word XP, MS Publisher XP, as well as Adobe Acrobat, if anyone thinks it m...

Simple Access counting queries
Hi, hoping someone can help a relative newbie with a pretty simple query. My database (Access 2007) has three tables: Customers Products Purchases (many-to-one links to both of the other tables, this is basically a linking table) I have two simple queries I'd like to get out of this database, but I'm a bit stuck on how to construct the SQL. Any direction you can give me would be helpful. 1. List of all customers who have purchased 2 or more products (or 3 or more products, or 4+, etc.) 2. List of all customers who have purchased both Product A and Product B (or A, B, and C, or B an...

How to get only the year in the date format in Access
How to get only the year in the date format I.e in the table in need to display only year E.g 2005 - should be display " 05" automatically Custom format the cell as: yy -- HTH, RD --------------------------------------------------------------------------- Please keep all correspondence within the NewsGroup, so all may benefit ! --------------------------------------------------------------------------- "yanu" <yanu@discussions.microsoft.com> wrote in message news:14CE9F60-F7B9-467A-8C16-71088C31BEBA@microsoft.com... > How to get only the year in the date form...

Expression Too Complex in Access 2000
Hi, Consider the following query: SELECT crTbl.acct_1, crTbl.amount, crTbl.date FROM crTbl WHERE (((crTbl.acct_1)="Supplies") AND ((crTbl.date) Between [Forms]![crReportOptionsFrm]![startDate] And [Forms]![crReportOptionsFrm]![endDate])); The query works fine on my own computer in Access 2002. When converted to Access 2000 and used on an other computer, I get the following error: "This expression is typed incorrectly or is too complex to be evaluated. Try simplifying the expression by assigning parts of the expression to variables." The problem is with the "Between...

groups detail section totals access 2003
Hi all, I know this can be done, but haven't figured out how yet. I have what basically is a summary report that my sql comes up with for the detail rows. I want to total these rows in the report and display immediately below the detail section. I don't really want to group anything, but want to treat the whole detail section as a group. That being said, how can I get a "group footer" on the designer so I can add my total columns. If I use "sorting and grouping", it starts grouping things and that is not what I want. I don't want to use the "page foo...

Relaying denied / Can't send to aol.com & cisco.com domains
We have 1 internal Exchange 2000 server for our only domain, dortfcu.org. When we try to send an email to anyone at the aol.com or cisco.com domain, their email server says 550 5.7.1 <email address>... Relaying denied. I think the issue is a dns issue and is due to the fact that I upgraded one of our 2 dns servers from windows 2000 server to windows 2003 server last weekend. NSLOOKUP of dortfcu.org with type=mx says that mail exchanger = smtp.dortfcu.org. The servers real name is dort2.dortfcu.org. So I guess this means my mx record is wrong? I don't have access to my ...

outlook in sub-domain to set use root-domain question!!!
Dear Sir Please see below more details,(We are using special railway line between Head office in Taipei and branch office in Tao-Yuan) Head office in Taipei: aaa.com(Root domain) Dc server * 2(One of it is GC Server), Front-End Exchange 2003 *1, Back-End Exchange 2003 * 2(One is named mail1, another is named mail2 ) Branch office in Tao-Yuan: bbb.aaa.com(sub-domain) Dc Server *1(No GC Server,No Exchange Server) After using ADMT v3 Tool, when I transfer an account from root named aaa.com(ou) to bbb.aaa.com. After I ins...

How to clear old e-mail addresses?
My address book is empty, and my contact list is empty (those show up empty when I use Tools, Address Book), but when I send a new e-mail message, on typing the first letter of the addressee name, a drop-down list appears with e-mail addresses for everyone I've ever e-mailed. How can I clear out these names? . Thanks for any ideas. You can simply use the cursor arrows and delete them or you can delete the file *.nk2 that is located in: C:\Documents and Settings\username\Application Data\Microsoft\Outlook But this options will delete all autoresolution addresses- -- Ricard...

delegate email still not working
for exch 2003 on outlook 2003 newly supporting the above, i did not set up the initial install i created a new user with ad wizard, so it created email account, mailbox, etc i opened up a mail account for the new user in outlook express and was able to receive mail in oe for the new user, then i deleted that acct in outlook express then i added that new user account to an exisiting outlook2003 already connected to another exch mailbox, in the advanced add user section, that newly added delegate user has all permissions the outlook directory tree added the new user mailbox and exch accepted...

Count Age Grouping
I have an access 2k database in which I need to count groups of records of individuals by that age groups such as 14- 20 no of individuals 21-30 no of individuals 31-40 no of individuals 41-50 no of individuals 51-60 no of individuals 61-70 no of individuals 71-80 no of individuals 80+ no of individuals I have both DOB and Age fields in the table I have tried several queries but with no luck and ideas On 19 Mar 2007 16:51:49 -0700, "Nemesis_uk" <nemesis_uk@ntlworld.com> wrote: >I have an access 2k ...

Remote access to another company's Outlook calendar?
Hello! I have one client on Exchange 2003 that wants to access the calendar of an employee (consultant?) at another company running Exchange (version not known yet). How can the remote company share this person's calendar with my client? He would need to access it and add appointments to it. Thank you for the help! Gregg Hill On Mon, 30 Aug 2004 22:15:24 -0700, "Gregg Hill" <bogus@nowhere.com> wrote: >Hello! > >I have one client on Exchange 2003 that wants to access the calendar of an >employee (consultant?) at another company running Exchange (version no...

Calculate Subreport totals in a main report Group footer
Hi all Apologies if this has been answered before but I can’t find it. I have a main Report with a Group called “Product_Category” which lists a number of “Products” in the Detail I have a Subreport named “product_costs” which has a record for each date and Text Boxes named “materials” and “fuel” (there are more but I’ll keep it simple). The Subreport sums all costs and has Text Boxes named “summaterials” and “sumfuel” in the footer (all with a height of 0.1cm) The Subreport is embedded in the Detail of the Categories and linked by Product_id In the Detail of the Main Rep...

Enable/Disable a Form Control Based on Security Group Permissions
How do I enable or disable a control in a form based on a user’s security group membership? For example: If I have a checkbox on a form (call it box1), I want box1 to be enabled if the user who opened Access is a member of a security group called “Breaker Test Admin.” For members of any other group (except of course “Admins”), box1 should be disabled. Thank you, for your help! On Mon, 02 Jul 2007 18:57:13 GMT, "BenS" <u35527@uwe> wrote: >How do I enable or disable a control in a form based on a user�s security >group membership? For example: If I have a checkbox on a ...

Can't connect to Exchange server after VPN access
I can connect to my office Exchange server when in the office (LAN) but I cannot connect outside with Outlook. I can only use the webmail after entering a web VPN access: - First portal for VPN : https://xxx.yyy.com --> I enter my user_VPN/password_VPN - On the next web page, I have the choice for the webmail and it's a link as https://xxx.yyy.com/go/webmail.yyy.com~ssl where I can enter my user_mail/password_mail So I can't enter the url in RPC as every slash is forbidden In my Outlook, the Exchange server (EXC.yyy.com) is not reachable by ping (or tracert) and I can't ...

Access 2007 12-17-09
I am building a contact data base for my church. How do I get the phone field to automatically format like this (xxx) xxx-xxxx when the numbers are typed in the cell? -- Thank You In the form design view select the phone control and open the properties dialog. Goto the Data tab and use the Input Mask to define the format you wish to use. If you click on the ... to the right hand side on the property you will get another dialog where there are predefined input mask or you can define your own. For instance, I use !\(999") "000\-0000;0;_ to format my telepho...

set value of a group of activex control points
Have a spreadsheet that has some 20+ activex control points (option buttons). Is there a way to group all these controls together & set their initial values the same? Trying to setup a "reset" type of operation that would clear all control points. I can do them individually via properties, but it's too time consuming. Any suggestions? ...