This is one of those things that is so straightforward that the detailed writeups don’t cover it, but detailed enough that the light stuff doesn’t really verify it.
I have two domains, OLD and NEW, that have a two-way external trust between them. A share from OLD has an ACL that allows access from a domain local group, OLD\group. The share is migrated to NEW, and the permissions migrated with it, so now we have a share in NEW with an ACL that allows access from OLD\group. But OLD\group is domain-local. Should that ACL grant any access at all (i.e., should the domain local OLD\group be available for granting access to a share in NEW?)
One response to “go go windows lazyweb”
I don’t know, but I had the same question when a very similar thing was breaking an app. The admin monkeys I tried to ask about it always wanted to start talking about kerberos or something tangentally related, so I gave up and waited until they retired OLD. :P