You have obviously done some homework, so here goes. You could have one of two (actually three) possible problems. One possible problem is using policies on the Windows Network. This could have been set up by a previous administrator, programmer or configuration user. If you have a directory in the root called /Policies, then you should search for policies in the AS/400 System Security manual located in the AS/400 library. It will contain details of how the policies and policy files are used by Windows-based machines.
The second possible problem is that normally a user profile must be set up as a guest for the Network Neighborhood to operate on a security level above 30. The book doesn't say that it is dependant on the level, but I moved one of my systems from 30 to 40 and had to create the guest profile for me to see my AS/400. Details for the setup required for CA/400 on Win95/NT (Also applies to CA/Express) are found here.
The unnamed third problem is Microsoft and Windows 2000. There isn't a solution to this problem, but the workarounds above should do it. Windows 2000 is not compliant with LDAP standards. If a call is made from a non-Microsoft system (contained in the call) to initiate LDAP services, Windows 2000 does not supply all of the required objects to establish the connection. This has been documented and posted at a number of sites. Although most say Microsoft denies that this is the case, one site actually posted the data streams showing the denial of access to certain objects.
This was first published in April 2001