Re: modify sIDHistory



not possible to do it the way you are mentioning

try using the clone principal scripts from MS. (VB scripts) (reskit or supp. tools)

-- 

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"John E Davis" <JohnEDavis@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message 
news:3F26FD28-26EE-4F9A-8FE7-B804AA321059@xxxxxxxxxxxxxxxx
> Can someone explain this limitation so to speak?
>
> I have also run into an issue where I used ADSI Edit in order to locate the
> user that I wanted to modify. After going to the properties of the user I
> selected sidHistory and pasted the octet value of the user sid that I wanted
> to use. I selected add and then apply. I received an access denied error from
> the system. The logged in user was the Enterprise and Schema Admin.
>
> What process is the ADMT tool using that allows it to create and append the
> old SID? I don't see why you can't manually replicate that without having to
> use the tool. The main reason behind this, is E-Directory is being used to
> create users in AD and publish the old SID in the attribute value of the user
> created SID. At any rate, I just want to know if there is an easier way to
> modify SIDHistory manually, without using any tools...because E-Directory is
> unable to run Windows Tools, but it can call VBS Scripts to run.
>
> Thanks,
>
> John
>
>
> "Michael D'Angelo" wrote:
>
>> "Damir Kh. Shakirov" <DamirKhShakirov@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message news:0146C31B-D181-414A-9220-3D52C439BB18@xxxxxxxxxxxxxxxx
>> > Whether it is possible modify attribute sIDHistory by means of ADSI Edit?
>> > I wish by means of ADMT to clone accounts from domain A in domain B. And
>> > then to copy attribute sIDHistory at clones in this attribute already at
>> > existing accounts.
>>
>> You can't use ADSI Edit to do this.  There is an API you must call to do it.
>> Here is a sample in VB.NET which will do it.
>>
>> Option Explicit On
>>
>> Public Module SidHist
>>
>>     Public Sub ClonePrincipal(ByVal srcDC As String, ByVal srcDom As String, _
>>                               ByVal srcSam As String, ByVal dstDC As String, _
>>                               ByVal dstDom As String, ByVal dstSam As String)
>>
>>         ' Create the COM object implementing ICloneSecurityPrincipal
>>         ' (late-bound, so it is declared As Object)
>>         Dim clonepr As Object
>>         clonepr = CreateObject("DSUtils.ClonePrincipal")
>>
>>         ' Connect to the source and destination domain controllers
>>         clonepr.Connect(srcDC, srcDom, dstDC, dstDom)
>>
>>         ' Add the SID of the source principal to the SID history of the
>>         ' destination principal.
>>         clonepr.AddSidHistory(srcSam, dstSam, 0)
>>
>>     End Sub
>>
>> End Module
>>
>>
>> 
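
Added example, not part of the original thread: a post-migration review that decodes sIDHistory values in the octet form mentioned above and flags entries that do not come from the migrated source domain or that carry a well-known privileged RID. The domain SIDs, account names and function names are constructed or hypothetical, and the input is assumed to be an offline export of the attribute.

```python
import struct

# Well-known privileged RIDs in a domain SID (S-1-5-21-<domain>-<RID>).
PRIVILEGED_RIDS = {500: "Administrator", 502: "krbtgt", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

def sid_from_octets(octets: str) -> str:
    """Decode a binary SID written as hex octets ('01 05 00 ...') to S-1-... form."""
    raw = bytes.fromhex(octets.replace("\\", " ").replace("0x", " "))
    # Layout: revision(1) count(1) authority(6, big-endian) count * sub-authority(4, LE)
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def review_sid_history(sids, target_domain_sid, source_domain_sids):
    """Return (sid, reason) findings for one account's sIDHistory values."""
    findings = []
    for sid in sids:
        domain, _, rid = sid.rpartition("-")
        if domain == target_domain_sid:
            findings.append((sid, "SID from the account's own domain"))
        elif domain not in source_domain_sids:
            findings.append((sid, "SID from a domain that was not migrated"))
        if rid.isdigit() and int(rid) in PRIVILEGED_RIDS:
            findings.append((sid, "privileged RID: " + PRIVILEGED_RIDS[int(rid)]))
    return findings

# Constructed sample export (assumption): target domain S-1-5-21-7-8-9,
# migrated source domain S-1-5-21-1-2-3.
SAMPLE = {
    "alice": ["01 05 00 00 00 00 00 05 15 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 51 04 00 00"],
    "bob":   ["01 05 00 00 00 00 00 05 15 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 07 02 00 00"],
}

def audit(sample=SAMPLE):
    """Decode and review every account in the sample export."""
    return {user: review_sid_history([sid_from_octets(o) for o in vals],
                                     "S-1-5-21-7-8-9", {"S-1-5-21-1-2-3"})
            for user, vals in sample.items()}

if __name__ == "__main__":
    for user, findings in audit().items():
        print(user, findings or "ok")
```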

