Any AD gurus explain this?

Any AD gurus explain this?

Post by Parp » Wed, 01 Nov 2000 04:45:22



Hello,

Can someone help me out here - I'm having problems getting an
application (which had worked fine on NT for years) working properly in
an AD environment.  Running it in a simple config, e.g. on a single DC
works ok.  However, as soon as I try to run it with a more colorful W2K
setup, i.e. 2 ADs, I get various errors which suggest some kind of
trust permissions or policies between the 2 AD machines are stopping
things working.

The application does a user authentication then fetches some more info,
assuming that worked.  This all used to work in NT world and the
functions I use are allegedly supported in AD seemlessly - I think its
just AD config I need to set up.

Here's the problems:

First scenario is an AD, called root.com say which has a child AD of
say child.root.com.  If my app is on root.com and I am authenticating a
user in child.root.com, authentication works but when I use the
function RasAdminGetUserInfo, it fails with an "access denied" error.
The RasAdminGetUserInfo simply takes a computer name and username and
returns the RAS callback number.  Even though Windows created a
transitive trust for the two systems, permissions appear to be
preventing the app on root.com from fetching the user's RAS details
from child.root.com.  Running the app on child.root.com allows the data
to be fetched, so it IS a permission issue.  I'd like to be able
to "turn something on" which allows the RAS data to be pulled out of
the child.root.com AD from root.com.

Second scenario is similar but I created root.com as the AD root, then
created a new AD domain, two.com,  and told it to add it to the AD
root.  This made a trust again (tree root) and this time authentication
fails.  Trying to authenticate from two.com to root.com fails with a
permission error.  I thought the tree root trust would allow this?
What do I need to turn on?  However, running the app on root.com and
trying to authenticate a user on two.com fails works but then the
function LookupAccountSidA fails.

All ADs in mixed mode.

Stumped.
-C.

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

1. AD SDK & AD Browser

I cannot seem to find a way to download the Directory Services SDK. I've
tried the general SDK download site and it does not give me the option for
Directory Services (I did order the new SDK disc just in case it is included
on that).

Anyone have the place to get this Directory Services SDK?

Also, on this webpage
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netd...

It has an example of an AD browser. It says that it is a part of the
Directory Services SDK. Is this true? Or can I get it from somewhere else?

Thanks in advance,

Lee Franke

2. Extended Play of Toshiba

3. Using ADS SID of individual users to authenticate ADS users

4. Virus - FTP Security

5. Can anyone explain this??

6. comm ports

7. POP3 Connector Explained

8. SNMP Agents for MAC/Open Transport

9. Article explaining why we patch

10. Anyone explain DHCP Please

11. Somebody please explain

12. Could someone please explain email Aliases ?

13. !! Drive Migration Explained v1.0 (how to)