Hello,we have created a Interforest two-way external trust between a Windows 2000 & Windows 2008 R2 ForestWhen I validate the trusts it says that the trust is active and in place (both domains)It's a domain wide authentication and I see the domain in the other domain, also I can add users from one domain to the other.As soon as I add a user from the other domain and click on "Apply" the user name changes into a SID nameWe also get an error message when we try to add a new user to our SQL database. It gives us the following message:Error 15401: Windows NT user or group '%s' not found. Check the name againI have followed the KB:324321 with no resultIt looks like a Trust issue but we cannot find it how to solve this strange behaviour

HIPlease review this KB Articel http://support.microsoft.com/kb/324321/en-ushttp://blog.sqlauthority.com/2007/06/07/sql-server-fix-error-error-15401-windows-nt-user-or-group-username-not-found-check-the-name-again/I hope this help!Thanks...Deva --Self-trust is the first secret of success.

Unfortunately it doesn'tI already read those articles without any luck

Hi, These problems may be caused by the following policy which was disabled on Windows 2008 system: Network Access: Allow anonymous SID/Name translation Create GPO for all both forest and navigate to: [Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options] Find above policy and enable it. Try to restart DCs and test. If the issue persists, please help to collect the following information for research: 1. Does this error occur on all accounts of both forests? 2. Create new accounts in both forests and test. 3. Try to configure the following policy and test. Network access: Do not allow anonymous enumeration of SAM accounts DISABLED Network access: Do not allow anonymous enumeration of SAM accounts and shares DISABLED Network access: Let Everyone permissions apply to anonymous users ENABLED Network access: Named pipes can be accessed anonymously ENABLED Network access: Restrict anonymous access to Named Pipes and shares DISABLED Thanks. Mervyn TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights.