I have the Following scenario
Domain A (2003), Resource Domain. (forest trust to domain A)
FolderA has a Domain local group FolderAusers used to apply permissions
Domain B (2008 R2), user domain (forest trust to domain A, external trust to domain C)
Universal group FolderAusers which is a member of the FolderAusers domain local group in Domain A
Lets say we have a users call UserA who is a member of the above group and can access FolderA on the server in Domain A
----
Domain C has been introduced (external trust to domain B), UserA has been migrated to this domain using ADMT and sid history has been migrated.
Sid filtering is disabled on all trusts
UserA who is now in Domain C can access resources on Domain B fine using sid history but they can no longer access FolderA in DomainA
I guess the problem here is that FolderA in domain A does not have UserA's SID on its ACL and doesnt know to check it against its group memberships
----
How can I get this configured so that UserA can access the folderA in domain A from his domain C account?
this is part of a wider excercise so any solution needs to be as simple as possible, the ideal would be that there is someway to force windows to check the users SID history against the applied security groups? I think due to organisational restrictions we wont be able to re-ACL the files in domain A.
Thanks in advance!