Announcement

Collapse
No announcement yet.

Using Hyena in a NT4/AD Environment

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Using Hyena in a NT4/AD Environment

    We log into an NT4 domain. I am a domain admin in the NT4 domain. We regularly administer a trusted/trusting active directory domain with Hyena. Often, we cannot access resources on a server in the AD domain using Hyena because we get a lot of access denied messages. My username and password are the same in both NT4 and AD domains. How can I 'authenticate' myself to AD so Hyena works 100%?

  • #2
    Re: Using Hyena in a NT4/AD Environment

    As long as your username and password are the same in both domains, Windows will use pass-thru authentication to authenticate your account.

    Without having more details to go on, I would have to assume that your account in the AD domain may be limited to some degree, such as you've been delegated permissions to perform certain functions only, etc.

    If this doesn't sound like the situation, send details on what exactly you are doing when you get these errors, and screen shots of the errors to [email protected]

    Comment


    • #3
      Re: Using Hyena in a NT4/AD Environment

      I have scene a similar issue. I log into Hyena using my NT credentials on the NT domain and try to access the trusted 2000 domain.

      I can pull up and modify the exchange properties for a user no problem.

      Yet when I attempt to modify and of the users properties in 2000 i get the following error in Hyena

      "Unable to save Active Directory data. Access is denied. -- Entended Error --- LDAP Provider : 00002098: SecErr: DSID-03150546, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0"

      Do i fall under the same solution as the other fellow who started this thread?

      I am added into the Domian Admins group for bot the NT and 2000 domains.

      Comment


      • #4
        Re: Using Hyena in a NT4/AD Environment

        As a test, try using Active Directory Users & Computers on the same computer you are running Hyena from, and let us know what happens when you modify the same user account on the 2000 domain.

        Comment


        • #5
          Re: Using Hyena in a NT4/AD Environment

          <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
          <span style="font-weight: bold">As a test, try using Active Directory Users & Computers on the same computer you are running Hyena from, and let us know what happens when you modify the same user account on the 2000 domain.</span></div></div>

          I opened Hyena using the "run as" with my AD credentials and all was fine. I am logged into XP with my NT credentials.

          Comment


          • #6
            Re: Using Hyena in a NT4/AD Environment

            <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by avengerdx:
            <span style="font-weight: bold"> I opened Hyena using the "run as" with my AD credentials and all was fine. I am logged into XP with my NT credentials.</span></div></div>

            The funny thing now is....

            Im logged into my pc with my NT Credentials. I start Hyena with the 'run as' set to my 2000 credentials. I now can manage 2000 accounts but NOT NT Domain accounts.

            So the exact opposite exists as well

            Comment


            • #7
              Re: Using Hyena in a NT4/AD Environment

              Yeah I've had all sorts of weird behavior going from our NT4 to our AD domain. It definitely helps to have your username and password equal in both domains and have a two way trust. But I still get weird errors from time to time. If I put Hyena in our AD domain, it works fine in that domain, but we're still logging into our NT4 domain, so that's where I need to be.

              <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by avengerdx:
              <span style="font-weight: bold"> The funny thing now is....

              Im logged into my pc with my NT Credentials. I start Hyena with the 'run as' set to my 2000 credentials. I now can manage 2000 accounts but NOT NT Domain accounts.

              So the exact opposite exists as well</span></div></div>

              Comment


              • #8
                Re: Using Hyena in a NT4/AD Environment

                Hey Hyena gods any info on this?

                Comment


                • #9
                  Re: Using Hyena in a NT4/AD Environment

                  Hyena does not handle authentication, but rather Windows does. Unfortunately Hyena has no control over this process.

                  Some standard things to check: Your rights, the trust relationships, how other utilities behave, possible existing connections with conflicting credentials, etc.

                  Comment


                  • #10
                    Re: Using Hyena in a NT4/AD Environment

                    <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
                    <span style="font-weight: bold">Hyena does not handle authentication, but rather Windows does. Unfortunately Hyena has no control over this process.

                    Some standard things to check: Your rights, the trust relationships, how other utilities behave, possible existing connections with conflicting credentials, etc.</span></div></div>

                    All of these have been checked and it remains that Hyena does not appear to support managing both an NT and AD domain at the same time.


                    R

                    Comment


                    • #11
                      Re: Using Hyena in a NT4/AD Environment

                      We know of thousands of users of Hyena that use it to manage both NT and W2K environments at the same time. Unfortunately, all of the Microsoft functions that Hyena uses operate as black-box interfaces: we use them to carry out an action, and we don't know what happens once we initiate the action. Unless you perform a Logon As action on a NT domain controller, there are not any authentication mechanism in Hyena at all: everything relies on the current user credentials of the current account. Why the normal default authentication mechanism in Windows is failing in your environment is a mystery, but I would imagine that if you loaded User Manager/Server Manager on your computer and used them, they would have the same access problems when Hyena does as they all use the same functions.
                      Kevin Stanush
                      SystemTools Software Inc.

                      Comment


                      • #12
                        Re: Using Hyena in a NT4/AD Environment

                        That is correct. Usermanager see's the same problems as Hyena. I guess whe trying to manage Apples and Oranges for domains at the same time can be difficult. I will investigate our trusts as it is obvious that thay is more then likely where the problem lies...


                        Thanks

                        Comment


                        • #13
                          Re: Using Hyena in a NT4/AD Environment

                          The main thing about the "cheat" of using the same username and password is that MS decided to tighten things up a bit in AD. For certain AD actions, it authenticates against the AD domain, by using more than just username/password.

                          No easy fix, especially when the installation of Hyena on a box in an NT domain sets itself up a bit differently than when installed on a box in an AD domain.

                          Only thing I can see is logging on to the AD domain to manage it, and logging on to the NT domain to manage that.

                          Comment


                          • #14
                            Re: Using Hyena in a NT4/AD Environment

                            What do you mean by Hyena sets itself up differently when installed on an NT 4.0 box vs. a Windows 2000 install ?
                            Kevin Stanush
                            SystemTools Software Inc.

                            Comment


                            • #15
                              Re: Using Hyena in a NT4/AD Environment

                              <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by kstanush:
                              <span style="font-weight: bold">We know of thousands of users of Hyena that use it to manage both NT and W2K environments at the same time...</span></div></div>

                              I am one of the "thousands". We have an AD tree running in native mode and 9 NT master account domains each with a 2-way trust with the AD. I am able to administer both environments fully using my admin account in either domain (although I prefer to login to the AD). One thing I will mention: SID History may be playing a part in your situation. If your AD account was created instead of migrated (retaining the SID History), then try migrating your NT account to the AD. If your AD account was migrated, then try creating a new one (thus creating a new SID).

                              There are several other possibilities that may be in play in your situation, but look into that first. Hope this helps.

                              Jonathan Senn

                              Comment

                              Working...
                              X