Resolution
fact
Domain Migration Administrator 7.x
symptom
Local group membership is not updated after translating security on a BDC.
symptom
NTFS and share ACL's are updated but the local group membership is not after translating security on a BDC.
cause
This is because a BDC is not writable. The membership of domain local groups is controlled by the domain SAM, which is only writable on the PDC of an NT 4 domain.
fix
Domain Migration Administrator 7.x
symptom
Local group membership is not updated after translating security on a BDC.
symptom
NTFS and share ACL's are updated but the local group membership is not after translating security on a BDC.
cause
This is because a BDC is not writable. The membership of domain local groups is controlled by the domain SAM, which is only writable on the PDC of an NT 4 domain.
fix
Translate security for local groups on the PDC.
To accomplish this:
- Run the Translate Security Settings wizard.
- Select the NT user accounts and global groups that are members of the NT domain local groups.
- Select the PDC.
- Select the Local groups checkbox.
- Complete the wizard.
The standard Windows NT replication process will replicate the SAM information from the PDC to the BDC.
Additional Information
Formerly known as NETIQKB22123