All users and groups have been migrated to target environment with sid history, and the file servers shave ben re-permissioned. However not all users are able to access resources.
This might happen when permissions to some of the resources have been assigned to local groups. SID’s of local groups will not work in another domain, their token will not include the SID history after they pass through the trust. In other words – local groups cannot rely on SID history when accessing resources over the trust, in other domains.
Possible resolution could be to convert the source local groups to global or Universal and only then to migrate or synchronize them.
Another workaround could be to add target local groups to other global groups, to make nested groups.
All such workaround need to be tested in a lab first, and should be approved by the consultant or Account Manager, prior to implementing in production.
For a detailed explanation how SID’s of local groups are being handled please see KB article 72489
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center