SIDHistory - can the source user account access resources on the target domain

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Rob Savage (info_removethis__at_robsavage.com)
Date: 07/01/04

• Next message: Chris: "Error in ADMT user migration log...."
• Previous message: Alex Ackley: "NT 4.0 Web/DB App move to Win2k3"
• Next in thread: Bob Qin [MSFT]: "RE: SIDHistory - can the source user account access resources on the target domain"
• Reply: Bob Qin [MSFT]: "RE: SIDHistory - can the source user account access resources on the target domain"
• Reply: Marin Marinov: "Re: SIDHistory - can the source user account access resources on the target domain"
• Messages sorted by: [ date ] [ thread ]

---

Date: 1 Jul 2004 07:47:31 -0700

I understand the concept of SIDHistory whereby the user's new account
on the target domain can access reources on the source domain due to
having the source SIDs attached to its access token.

But..

...would running ADMT to create new accounts on the target domain for
my users then allow the original source domain accounts to access
resource on the target domain?

Reason for asking is that I want to move my users onto the new mail
server in the target domain ASAP, but I don't want them logging onto
the new domain yet.

My goal is to have them continue logging onto the existing domain, but
through ADMT automate the process of giving each user permissions on
their mailbox on the new server.

It feels like a bit of a long shot - is it?

Plan B is to have them start logging onto the new domain, but I have a
large amount of resource still in the existing domain which I would
then have to re-code my logon scripts for... (not just mapped drives -
code that refers to the domain would need re-writing, re-testing etc.
etc.)

Cheers

Rob

---

• Next message: Chris: "Error in ADMT user migration log...."
• Previous message: Alex Ackley: "NT 4.0 Web/DB App move to Win2k3"
• Next in thread: Bob Qin [MSFT]: "RE: SIDHistory - can the source user account access resources on the target domain"
• Reply: Bob Qin [MSFT]: "RE: SIDHistory - can the source user account access resources on the target domain"
• Reply: Marin Marinov: "Re: SIDHistory - can the source user account access resources on the target domain"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Migration with ADMT ... > users in an OU that has sub OU's within it, admt does not ... > the nested OU to a single OU on the target domain. ... > exactly the same as on the source domain to the target domain? ... migrate the user accounts ... (microsoft.public.win2000.active_directory) RE: migrate groups ... The "accounts " in source domain is a group or a OU? ... Do you have an object called "accounts" in target domain? ... Where can I put my migrated group account. ... (microsoft.public.windows.server.migration) Re: Inter-Forest Password Migration between 2 AD ... My target domain is a 2003 domain. ... > We need to run Pwdmig.exe on the source domain DC and install ADMT on the ... > on which you installed ADMT: ... Type the following command to create the encryption key to be used ... (microsoft.public.windows.server.migration) RE: Inter-Forest Password Migration between 2 AD ... We need to run Pwdmig.exe on the source domain DC and install ADMT on the ... The Target domain need to be native mode. ... on which you installed ADMT: ... Type the following command to create the encryption key to be used ... (microsoft.public.windows.server.migration) RE: ADMT Permissions ... You need Domain Admin rights in the Source domain. ... with the permissions in the Target domain. ... Granting the migration account Full Control of the OU to where you will ... This is why if you run it on a DC it must be a Domain Admin. ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.migration  > 2004-07