Hi, I am running multiple servers through a domain controlled by windows server 2003. My domain name is "AD". All servers (media, file, application, and database) have been successfully connected to this domain. There are two groups that have been created in active directory on the domain controller called "Instructor" and "Student." Permissions have been set on that machine to allow read and write, but my problem is that on the file server, I cannot set permissions for these two groups to read or write because my properties dialog box on the file server cannot find any active directory groups (even domain users) clearly have been created and are connected through the domain. Any ideas?

A couple things to check. 1) Are you logged onto the File Server with a domain admin account when trying to setup the permissions? 2) Ensure you have the DNS server for your AD as the DNS Server for the fileserver.

Hi, I am logged in as a Domain Admin and we do have the same DNS server for both. DNS server is Open BSD using Dyanmic DDNS. We can see AD from file server, but we cannot change the location from file server (local machine) when adding groups/users in share/NTFS permissions (i.e. we cannot add domain users because it is not found in advanced search).

"DNS server is Open BSD using Dyanmic DDNS." Active directory is built around Microsoft DNS. Your DC's should be dns servers forwarding to the bsd server. So you ran dcpromo on one of the servers. Which one? I ask because what you write has all the signs of a workgroup not a forest with a domain. Is the server you dcpromo-ed also running dns server? Are the other servers and workstations pointed to this dns server? If not windows can't find its AD brains.

Hi, In answer to the workgorup/forest question, our AD server is the domain controller. It does not have DNS. The only DNS we currently have is the Open BSD DNS. So if I understand you correctly, we need to add DNS to our DC and point it to the Open BSD DNS in order for AD to function correctly? Thanks

You should of gotten some sort of warning during the dcpromo process. I would probably take down, the DC via another dcpromo to demote the domain controller (given, you'll lose your AD, but you just recently set it up, correct). Install MS DNS and configure the NIC to use itself for DNS, then run another DC promo to promote the domain controller. This will allow the dcpromo process to create the proper SRV records, etc for active directory. Then have all your servers/workstations to use this server for their DNS in order for them to resolve the domain and active directory.