#Post Domain Migration Permission Issue


pine robin

Last week we migrated one of our SVMs from olddomain.com to newdomain.com. olddomain.com and newdomain.com still have a Trust in place and will for the next few months.

One of our Mainframe clients was having issues accessing an NTFS share via NFSv3 using svcAccount, which used to map to olddomain.com\svcAccount but now maps to the one on newdomain.com. I checked the share and in the Security tab it showed newdomain.com\svcAccount, then went to the CLI and used access-check to validate that yes, the UID for the Mainframe account was successfully mapping to newdomain\svcAccount. I then used file-directory show and also saw newdomain.com\svcAccount had permissions. However, file-directory show-effective-permissions said no, newdomain\svcAccount only gets Synchronize, but olddomain\svcAccount has Modify access, which was a head scratcher. I reran file-directory show with -lookupnames set to false and checked the UID using access-check authentication translate and got olddomain\svcAccount. I added newdomain\svcAccount and was able to get the application working again, but I'm still confused as to why both file-directory show and the Security Tab showed newdomain\svcAccount when the SID was the one that belonged to olddomain\svcAccount. I'll have to check SIDHistory in the morning, but that should be in place.
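
An added illustration (not part of the original post, and not ONTAP code): auditing an ACL by raw SID instead of by resolved name shows which ACEs still belong to the old domain and what the migrated account matches. All SIDs, RIDs and rights are constructed, the function names are hypothetical, only allow ACEs are modeled, and whether SIDHistory ends up in the caller's token is treated as a parameter, not as a statement about how the storage system behaves.

```python
# Constructed sample data: every SID, RID and right below is made up.
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"   # olddomain.com
NEW_DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"   # newdomain.com
OLD_SVC = OLD_DOMAIN + "-1105"   # olddomain\svcAccount
NEW_SVC = NEW_DOMAIN + "-2107"   # newdomain\svcAccount
EVERYONE = "S-1-1-0"

# ACL as stored on disk: (SID, rights). No names are stored in an ACE.
ACL = [(OLD_SVC, "Modify"), (EVERYONE, "Synchronize")]


def domain_of(sid):
    """Return the domain identifier of a domain account SID, else None."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7])
    return None  # well-known SID such as Everyone


def stale_aces(acl, current_domain):
    """ACEs whose SID was issued by a domain other than the current one."""
    return [(sid, rights) for sid, rights in acl
            if domain_of(sid) not in (None, current_domain)]


def matching_rights(acl, token_sids):
    """Rights from ACEs whose SID appears in the caller's token."""
    return [rights for sid, rights in acl if sid in token_sids]


def build_token(primary_sid, sid_history=(), include_history=False):
    """Model a token; whether SIDHistory is included is a parameter here."""
    sids = {primary_sid, EVERYONE}
    if include_history:
        sids.update(sid_history)
    return sids


if __name__ == "__main__":
    print("ACEs still tied to the old domain:", stale_aces(ACL, NEW_DOMAIN))
    for flag in (False, True):
        token = build_token(NEW_SVC, [OLD_SVC], include_history=flag)
        print("SIDHistory in token:", flag, "->", matching_rights(ACL, token))
```

Running the same comparison against a real ACL export, with name lookup disabled, lists every ACE that needs re-permissioning before the trust is removed.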