locked
Cross Domain NTFS Permissions not finding Groups RRS feed

  • Question

  • Hi

    We have a 2008r2 server in our Test DMZ Domain onprem environment which hosts a public facing website, the website auth is controlled through folder permissions and has Security Groups from our Production Domain added in so users can authenticate with their regular accounts. This is all working fine currently.

    For example the domains look like this:

    • domain.com (prod)
    • test.domain.com (test)
    • dmz.test.domain.com (test DMZ)

    We are looking at replacing this server with a 2016 server in the same Test DMZ Domain but in Azure. When adjusting folder permissions I am able to select the Production Domain under Locations however it is unable to find any Users or Groups from the Production Domain. 

    Initially I thought this would be firewall related as it appears to be timing out when doing the search, however as a test I tried adding a Production group onto the first onprem Server which already has Production groups on the folder and it's unable to find any Security Groups the same as the new server.

    Is there something I'm missing here? How can the first server have Production groups on the Folder permissions if I'm unable to add the same group on the same server to a different server? I've tried adding the group with PROD\ before and @prod.com after the group name but no dice.

    Are these lookups done on LDAP 389 to one of the Production DC's? Or are they passed to the Test DMZ DC and then back up the Production through its own channels?

    Any advice appreciated.

    Cheers

    Friday, October 4, 2019 5:47 AM

All replies

  • Hi,

    You can discuss with AD expterts and Azure experts over here:

    AD forum:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS

    Azure:

    https://social.msdn.microsoft.com/Forums/azure/en-US/home?category=windowsazureplatform

    Best Regards,

    Daniel


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 7, 2019 7:38 AM
  • Hi,
    Just want to confirm the current situations.
    Please feel free to let us know if you need further assistance.
    Best Regards,
    Daniel

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 9, 2019 9:30 AM
  • Hi,
    This is Daniel and wish you all the best!
    As this thread has been quiet for a while, we will mark it as ‘ Propose answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the propose answer as you wish.
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
    Best Regards,
    Daniel

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 11, 2019 8:10 AM