Re: is it possible to change user's sid




Your subject line and question seem to contradict one another so I
confess to being a little unsure what you're after.

To address the subject line; yes and no, IMO it's more a perspective.
In essence, the name of a particular user is little more than a ~unique
point of reference to the place where the directory stores tidbits of
useful information (telephone number, password, DOB, etc.) and the
user's true identity (by that I'm referring to their security identity
not their super-secret alter-ego). My point is this, the SID _is_ the
user. To change a user's SID, delete or rename the existing user,
create another with the same name and configure it accordingly (place it
in the same groups, etc.).

Cloning can be performed using any number of tools including those
mentioned by Jorge (which are free by the way) (pay careful attention to
whether the source and target domains are in the same forest vs. in
different forests and what mode the domain is running in).

Again, as Jorge mentions, the GUID and SID for any two objects are
~guaranteed to be unique (the GUID has little bearing outside of
system-only purposes ... there are some, but they're few and far
between). Active Directory also attempts to enforce uniqueness on a per
domain or per forest basis for a number of other identity-related
properties, for example - sAMAccountName, userPrincipalName.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

guzzi wrote:
How could I clone a user from one domain to another?
Besides the SID, is there anything else that will always be different?

TIA
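
Added example, not part of the original post: a short Python sketch of why an account deleted and recreated under the same name is a different security principal. It decodes the standard binary SID layout and checks a share ACL by SID; the account name `jdoe`, the domain SID, the RIDs and the ACL are constructed sample values.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (the form held in objectSid) to S-R-A-S1-S2... text."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])       # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def str_to_sid(text: str) -> bytes:
    """Encode S-R-A-S1-S2... text back to the binary form."""
    parts = text.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("malformed SID string")
    subs = [int(p) for p in parts[3:]]
    head = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def split_domain_rid(sid: str):
    """Split a domain account SID into (domain SID, relative ID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def allowed(acl, account) -> bool:
    """An ACL matches on the SID, never on the account name."""
    return sid_to_str(account["objectSid"]) in acl

# Constructed sample data: the same name, before and after delete-and-recreate.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
original = {"sAMAccountName": "jdoe", "objectSid": str_to_sid(DOMAIN + "-1105")}
recreated = {"sAMAccountName": "jdoe", "objectSid": str_to_sid(DOMAIN + "-1642")}
share_acl = {DOMAIN + "-1105", "S-1-5-32-544"}   # granted to the original jdoe

if __name__ == "__main__":
    for label, acct in (("original", original), ("recreated", recreated)):
        sid = sid_to_str(acct["objectSid"])
        print(label, acct["sAMAccountName"], sid,
              split_domain_rid(sid), allowed(share_acl, acct))
```

The recreated account keeps the name but gets a new RID, so every ACL entry and group membership that referenced the old SID has to be granted again.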

