Re: Migrating accounts nt4 to 2k3 and SIDs

This sounds like a problem I had with an Interforest migation. Perhaps it's
yours as well.

http://support.microsoft.com/kb/289243/en-us

netdom trust /quarantine

--
/kj
"CGeneva" <CGeneva@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:46A702B8-A6E3-45D2-A8E2-FADA557F02B8@xxxxxxxxxxxxxxxx
Yes, I migrated both the groups and the users with SID history.

When I migrated the groups, I selected:
Update User Rights
Fix membership of group
Migrate group SIDs to target domain.

Incidentally, the migrated users also can not access their Exchange
mailboxes.

"Jorge de Almeida Pinto [MVP]" wrote:

have you also migrated the groups with sidhistory and group memberships?

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"CGeneva" <CGeneva@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CAAC0E83-C503-46F2-88CC-EA0A6F7D7BE9@xxxxxxxxxxxxxxxx
I'm in the process of migrating my accounts between an NT4 domain and a
2k3
AD. I have a trust set up and I've turned off SID filtering. How do
SID
histories work with my user accounts. When I migrate user accounts and
groups to the 2003 AD should they still have access to all the
resources
on
the NT4 domain?

What I'm trying to prevent is having to readd all the newly created AD
groups to resources in the NT4 domain.

Can anyone push me in the right direction for how I can accomplish this
with
SID histories or what I'm missing? After I moved the user accounts
with
SID
history I'm not able to access the old NT4 resources.

Thanks.





.

Relevant Pages

  • Re: Migrating accounts nt4 to 2k3 and SIDs
    ... I have a trust set up and I've turned off SID filtering. ... histories work with my user accounts. ... groups to resources in the NT4 domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Migrating accounts nt4 to 2k3 and SIDs
    ... I have a trust set up and I've turned off SID filtering. ... histories work with my user accounts. ... groups to resources in the NT4 domain. ...
    (microsoft.public.windows.server.active_directory)
  • RE: ADMT - SID History Issues, Cannot access resources in old doma
    ... permission to use this network resource. ... we need to re-ACL the resources. ... we are able to use Security Translation Wizard with a SID ... Create a SID mapping file. ...
    (microsoft.public.windows.server.migration)
  • Re: ACLs and permissions viewed after Migrating from NT 4 domain... The twilight zone?
    ... And if I decomission the old NT4 domain this should ... (the little problem I have noticed is that if you give permissions to both ... > to the new w2k user's sid history. ... > it also checks the sid history when attempting to crack a sid to a user. ...
    (microsoft.public.win2000.security)
  • Re: ADMT/Sidhistory not working
    ... Not unless you are using the account from the old domain. ... you need to grant your "new" groups in the new domain the permissions on the ... permissions to resources in the OLD domain. ... sid history, you are using the old user account, and thus the old sid. ...
    (microsoft.public.windows.server.active_directory)
Loading