Re: ADMT and SID's

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Simon Geary (simon_geary_at_hotmail.com)
Date: 08/24/04 

Date: Tue, 24 Aug 2004 21:59:41 +0100

When you perform the sid history migration your new 2003 AD user accounts
will have two SIDs: One for the new account and one listed under sidhistory
that is the SID from the old NT domain. If all goes to plan, your migrated
users will still be able to access resources in the NT domain as they would
have the same NT SID associated with the account and it is the SID that is
used to grant or deny access to resources.

This kb might help you http://support.microsoft.com/?id=322970 Also do a
search on the Microsoft web site for sIDHistory and you will get a lot of
useful links.

"gtmtnbiker98" <anonymous@discussions.microsoft.com> wrote in message
news:54c301c48a12$69b105f0$a301280a@phx.gbl...
> We are embarking on an upgrade of our existing NT 4 domain
> to AD running Windows 2003 Standard. Once we migrate the
> existing user accounts along with the associated SID's,
> how seamless will it be to bring the data over to the new
> domain. Will the NT 4 SID's associate with the 2003 AD
> accounts?
>
> To explain it a little better, we are wanting to perform
> an incremental rollout, bringing a select number of
> machines to the new AD; however, we must ensure
> availability of network resources. We are using Iomega
> NAS' to store our shared files and once we join the NAS'
> to the new domain, will we have to reconfigure the share
> and NTFS permissions using the new 2003 AD accounts?
>
> We are trying to avoid reconfiguring every network
> resource with the new AD accounts - hoping that the NT 4
> permissions will carry over once the machines are joined
> to the new domain.
>
> Thanks

Relevant Pages

  • RE: SIDS show instead of user names
    ... I'd like to make sure the sid can be resolved at the same time you see SID ... As far as the accounts being deleted in AD, ... Go to Capture --> Networks to choose the correct network card by ...
    (microsoft.public.win2000.active_directory)
  • RE: ADMT - SID History Issues, Cannot access resources in old domain
    ... the permission to access the old resource. ... Since OldDomain\User1 is a built-in group we cannot use ADMT to migrate it. ... we are able to use Security Translation Wizard with a SID ... on all the Windows 2000 computers with different user accounts. ...
    (microsoft.public.windows.server.migration)
  • RE: SIDS show instead of user names
    ... name is always followed by the SID. ... As far as the accounts being deleted in AD, ... Go to Capture --> Networks to choose the correct network card by ...
    (microsoft.public.win2000.active_directory)
  • Re: EFS/NTFS
    ... it *is* a standalone and no I didn't back ... I think the SID would have been the key here since the ... entire accounts folders and certificates are intact. ... you would not be able to get back your EFS files ...
    (microsoft.public.windowsxp.security_admin)
  • Re: NT4 Client in W2K3 AD migrated / SID
    ... the Windows shell calls the LookupAccountSid function to contact ... Can you add accounts from the old domain or the new ... But the next time I check the ACL ... |>>are display as SID not as account names. ...
    (microsoft.public.windows.server.migration)