I have a win2k3 native domain at work, and have been supplied with a win2k8 server to use as a network share. However, my organization requires that we be able to use granular permissions on certain portions of the share. I am not permitted to join this new server to the domain. (for configuration control reasons - we are a satellite organization that must maintain a certain paralel with sister installations)
As expected, I can remote into the server from the domain, and access the servers share. Of course when accessing the share, the user is prompted for credentials, and must supply credentials that are good on the 2k8 fileserver.
As a test, using workgroup networking knowledge I have not had to use in years, I created a copy of my own account from the domain on the local 2k8 server, with the same p/w as on the domain. When trying to access the share, I am presented with a "the account has been locked out", and sure enough, when remoting into the 2k8 machine, i see that my account is locked. The local 2k8 account will lock each time I attempt to access the share from my domain account.
My issues are these:
-Why does the local version of the account lock?
-What is the best way to migrate all of my (several hundred) domain users to the 2k8 machine? I have considered utilities like ldifde, but I don't have much experience with it, and don't know if it's results can be uploaded to a SAM.
Thanks in advance for any help/advice.
Val