Re: ADMT and SID's

From: gtmtnbiker98 (anonymous_at_discussions.microsoft.com)
Date: 08/25/04


Date: Wed, 25 Aug 2004 06:47:16 -0700

Right, but will the permissions need to be reassigned once
those machines hosting the resources are joined to the new
domain or will the previous permissions still allow access?

>-----Original Message-----
>When you perform the sid history migration your new 2003 AD user accounts
>will have two SIDs: One for the new account and one listed under sidhistory
>that is the SID from the old NT domain. If all goes to plan, your migrated
>users will still be able to access resources in the NT domain as they would
>have the same NT SID associated with the account and it is the SID that is
>used to grant or deny access to resources.
>
>This kb might help you http://support.microsoft.com/?id=322970 Also do a
>search on the Microsoft web site for sIDHistory and you will get a lot of
>useful links.
>
>"gtmtnbiker98" <anonymous@discussions.microsoft.com> wrote in message
>news:54c301c48a12$69b105f0$a301280a@phx.gbl...
>> We are embarking on an upgrade of our existing NT 4 domain
>> to AD running Windows 2003 Standard. Once we migrate the
>> existing user accounts along with the associated SID's,
>> how seamless will it be to bring the data over to the new
>> domain. Will the NT 4 SID's associate with the 2003 AD
>> accounts?
>>
>> To explain it a little better, we are wanting to perform
>> an incremental rollout, bringing a select number of
>> machines to the new AD; however, we must ensure
>> availability of network resources. We are using Iomega
>> NAS' to store our shared files and once we join the NAS'
>> to the new domain, will we have to reconfigure the share
>> and NTFS permissions using the new 2003 AD accounts?
>>
>> We are trying to avoid reconfiguring every network
>> resource with the new AD accounts - hoping that the NT 4
>> permissions will carry over once the machines are joined
>> to the new domain.
>>
>> Thanks
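
The mechanism described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of the access check, evaluating an untouched NT 4 ACL against a migrated account, a recreated account without sIDHistory, and a migrated account whose logon crosses a trust with SID filtering enabled. All SIDs, accounts and the ACL are constructed sample values; SID filtering is not mentioned in the thread and is included here as an assumption about how the trust is configured.

```python
# Simplified model of a Windows access check with sIDHistory.
# Every SID, account and ACL here is a constructed sample value.
from dataclasses import dataclass, field

OLD_DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed NT 4 domain SID
NEW_DOM = "S-1-5-21-4444444444-5555555555-6666666666"  # constructed 2003 AD domain SID

@dataclass
class Account:
    sid: str
    sid_history: list = field(default_factory=list)

@dataclass
class Ace:
    kind: str    # "allow" or "deny"
    sid: str
    rights: set

def token_sids(account, sid_filtering=False):
    """SIDs the resource server evaluates for this logon."""
    sids = {account.sid, *account.sid_history}
    if sid_filtering:
        # A trust with SID filtering drops SIDs not issued by the account's own domain.
        domain = account.sid.rsplit("-", 1)[0]
        sids = {s for s in sids if s.rsplit("-", 1)[0] == domain}
    return sids

def access_check(dacl, sids, wanted):
    """Walk ACEs in order; a matching deny fails, matching allows accumulate."""
    remaining = set(wanted)
    for ace in dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.rights & remaining:
            return False
        if ace.kind == "allow":
            remaining -= ace.rights
            if not remaining:
                return True
    return False

share_dacl = [Ace("allow", OLD_DOM + "-1042", {"read", "write"})]  # ACL left as written under NT 4
migrated = Account(NEW_DOM + "-1105", [OLD_DOM + "-1042"])  # copied with sIDHistory
recreated = Account(NEW_DOM + "-1106")                       # new account, no sIDHistory

if __name__ == "__main__":
    print(access_check(share_dacl, token_sids(migrated), {"read"}))
    print(access_check(share_dacl, token_sids(recreated), {"read"}))
    print(access_check(share_dacl, token_sids(migrated, sid_filtering=True), {"read"}))
```

In this model the ACL matches the migrated account only through the old SID carried in sIDHistory, so the same ACL stops matching once that SID is absent from the token.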


