I have DC in a DMZ where I can easily look up domain accounts from our internal domain under the NTFS permission if I tried to add users/groups to folder NTFS permission whiles logged in to the DMZ DC. However, member servers in the same DMZ are unable to return any internal domain accounts when I clicked "Check Names" on NTFS folder permissions. I have done all the troubleshooting I can think of: ping is ok, port query from DMZ servers (both DMZ DC and members servers) return same open ports. At this point I'm not entirely sure where and why the member servers aren't returning any internal domain account whiles the DMZ DC does. Is there a group policy I should be looking at ? where ? on the internal domain DC or DMZ DC? Any ideas and thought are welcome. I ruled out trust issues because DMZ DC seems fine.