I have a windows 2003 server (DC) promoted to Domain Controller. The users and the computers are defined in Active Directory.

I was able to successfully join a winNT and win2000 computer to the domain and browse the users that are defined on the domain controller.

Was successful in joining a win2003 server (member) to that domain but unable to browse the users on the domain controller when trying to add a user. Do I have to change the role of the win2003 (member) to active directory in order to see those users? One of my friends did this to the (win2003 member) and it blew away the local users and becomes a secondary domain controller joining an existing domain. I want to keep the win2003 (member) from not being a DC and keep those local users.

Any way around this? I'm guessing this problem will not arise if the DC is win2000?

Thanks.
Back to googling.

Member can easily join the domain.... whether NT4, 2k, or 2k3.

NT4 may have problem browsing to the DC, if you have the security turned way up on the 2k3 DC, but normally you're ok.

If any other non-2k3 member wants to be a DC, the domain must still be in mixed mode. However, this doesn't affect member servers at all.

I assume the DC is also using AD integrated DNS?

Are all the member servers pointing to that DC server, as their DNS server? (that's how they locate DCs)

All the member servers are pointing to that DC server as their DNS server. There was no problems joining to the domain. I can browse from the win2003 (member) to the shared drives on the domain controller.

The DC recognizes the win2003 (member) in active directory and on the DC I can use computer management for win2003(member) and force the domain users onto it.

Problem is when I browse the location on the win2003 (member) in order to add a user that is located on the DC. Only the local computer location is showing up and not the domain.

There is an ADMT program that migrates users but I think it will just add the domain users to the win2003 (member) as local users.

I have a feeling the win2003 (member) has to be assigned as a role, DC (trying to avoid even though it's not primary)to activate active directory and then join the 2003 domain. Or load in win2000 as domain controller. Go figure, I thought I would have had problems with NT and 2000 but it turns out to be the easiest.

no no no... nothing like that.

it should work.

you're saying, that when you say try and set file permissions on a folder on the member server, that you don't get a domain list of users?

for example, the very server we're posting on here, is a member server to my dc.

the browser window/search window, in 2k3 is a little different... make sure you've explored all options on that.

Right. When I try to to set file permissions or add a domain user to the group in the 2003 member server only the local users shows up. I've gone though the locations, object types, Advanced section. Checked the sharing tab\permissions and the security tab. I made sure the PDNS is the DC and suffixes added.

Funny thing is when I'm setting up the web services in IIS, directory security\authentication, in default domain I can search and it will find the domain. From 2003 member I can browse\open all files on all computers (2003DC, NT, 2000).

So your server is a win2003 member to a win2003 DC without the win2003 member promoted to a secondary DC?

The 2003 member has not been approved to be a DC even if its secondary hence our restriction. What else am I missing?

Preciate any insight you may have.

yeah. exactly.
member servers are just that... most are never DCs.

try just giving a domain user some rights to a folder, rather than trying to add a user to a group.