Cross Domain NTFS Permissions not finding Groups RRS feed

  • Question

  • Hi

    We have a 2008r2 server in our Test DMZ Domain onprem environment which hosts a public facing website, the website auth is controlled through folder permissions and has Security Groups from our Production Domain added in so users can authenticate with their regular accounts. This is all working fine currently.

    For example the domains look like this:

    • (prod)
    • (test)
    • (test DMZ)

    We are looking at replacing this server with a 2016 server in the same Test DMZ Domain but in Azure. When adjusting folder permissions I am able to select the Production Domain under Locations however it is unable to find any Users or Groups from the Production Domain. 

    Initially I thought this would be firewall related as it appears to be timing out when doing the search, however as a test I tried adding a Production group onto the first onprem Server which already has Production groups on the folder and it's unable to find any Security Groups the same as the new server.

    Is there something I'm missing here? How can the first server have Production groups on the Folder permissions if I'm unable to add the same group on the same server to a different server? I've tried adding the group with PROD\ before and after the group name but no dice.

    Are these lookups done on LDAP 389 to one of the Production DC's? Or are they passed to the Test DMZ DC and then back up the Production through its own channels?

    Any advice appreciated.


    Friday, October 4, 2019 5:47 AM

All replies