Tuesday, June 23, 2009

SID Filtering – Access is denied

I recently came across an "Access is denied" issue when I was trying to disable the SID filtering in Windows 2008 side.

Anyway, this is what I did to resolve the issue:

I have enabled the "Network access: Allow anonymous SID/Name translation" GPO settings in "Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options".

image

I have performed this action only in my Windows 2008 Domain.

Also, please read the following articles and make sure you understand policy details before enabling it.

http://support.microsoft.com/kb/823659
http://technet.microsoft.com/en-us/library/cc728431.aspx

5 comments:

Hi!
You wrote "on your 2008 side". Do you mean target or source domain?
Thanks for your work.
David

"The Active Directory Domain Controllers required to find the selected objects in the following domains are not available:
'Domain: S'

Ensure the AD Domain Controllers are available and try to select the object again"


Could you please suggest

Hello Sivarajan,

Above error I am receiving I am trying to add one group from other forest B in forest A.

Group is Universal from Forest B

Could you please suggest why I am getting below error


"The Active Directory Domain Controllers required to find the selected objects in the following domains are not available:
'Domain: S'

Ensure the AD Domain Controllers are available and try to select the object again"

One more thing I want to add here this universal group is searchable in forest A but could not be added as a result we got this error

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More