sidHistory

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Tim Chin" <donotemail>
Date: Mon, 21 Apr 2008 16:10:45 -0500

What happens to ACLs with sidHistory in them when the source domain is
decommissioned and powered off? My environment had 5 domains that
consolidated down to one with resources everywhere. The ultimate goal is to
migrate the now single domain/forest to a new forest namespace and remove
sidHistory as part of that migration as SIDs are all over the place right
now.

My question is: What happens to the ACEs that point to object's sidHistory
attribute when the 4 current domains are shutdown? Will it just revert to a
plain old SID? Currently, they show DOMA\username (DOMB\username) where
they are used.

Any help is appreciated.
Tim

.

Follow-Ups:
- RE: sidHistory
  - From: Garry Starck

Prev by Date: Re: How to stop all authenticated users from adding computers
Next by Date: Re: Adding groups to development domain from trusted production do
Previous by thread: How to stop all authenticated users from adding computers
Next by thread: RE: sidHistory
Index(es):
- Date
- Thread

Relevant Pages

Re: Backing Up SID-histories?
... > And can I import them back with ldifde, ... It is not that easy to backup SIDhistory values of users the way you ... As long as the source domain is available ... To my knowledge it is not possible to inject SIDs into a sidhistory ...
(microsoft.public.win2000.active_directory)
RE: NT-2003 Migration SID History
... SIDHistory will work even when the old domain is decomissioned. ... SIDs from the ACLs and the ... Joining the server to new 2003 domain does not touch the ACLs on the server ... This posting is provided "AS IS" with no warranties, ...
(microsoft.public.windows.server.migration)
RE: sidHistory
... "Tim Chin" wrote: ... My environment had 5 domains that ... sidHistory as part of that migration as SIDs are all over the place right ... What happens to the ACEs that point to object's sidHistory ...
(microsoft.public.windows.server.active_directory)
Re: sidHistory
... if the data contains the old ACEs, accounts with sidhistory populated are able to still access the data whether or not the old domain are there. ... Always test ANY suggestion in a test environment before implementing! ... The ultimate goal is to migrate the now single domain/forest to a new forest namespace and remove sidHistory as part of that migration as SIDs are all over the place right now. ... What happens to the ACEs that point to object's sidHistory attribute when the 4 current domains are shutdown? ...
(microsoft.public.windows.server.active_directory)
RE: GPMC Migration table populate with wrong source name
... That is becuase you have keep the SIdHistory. ... One group have two SIDs, ... when you check the ACL, SID will be announced to in the network to find the ...
(microsoft.public.windows.server.migration)