RE: Migrating W2k3 to new W2k3 Domain

From: Richard Hall (anonymous_at_discussions.microsoft.com)
Date: 01/25/05

• Next message: Jack Wang [MSFT]: "RE: Adding AD Account to NT Global"
• Previous message: Frances [MSFT]: "RE: Win2000 and NT4 migration to Win2003"
• In reply to: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Next in thread: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Reply: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 25 Jan 2005 00:34:25 -0800

Thanks for the reply, I have checked the SID History
attribute using the ldp command and the domainb\u1 has the
sid history of domaina\u1 added. I have also re-checked
that sid filtering is turned off on both servers. I have
run the security translation wizard on a specified txt
file that contains old sid and new sid but this still does
not seam to solve my problem.

Any ideas???
>-----Original Message-----
>Hello Richard,
>
>Thanks for your post.
>
>>From your message, I understand that the issue is the
users in domainB
>cannot access the resources in domainA although the
SIDHistory is enabled
>in the migration process.
>
>I have to obtain more detailed information for your
problem. Do you perform
>an inter-forest migration involving two forests or an
intra-forest
>migration involving one forest?
>
>If you have performed the inter-forest migration, it is
possible that the
>domainB users cannot access the resources in domainA due
to the SID
>filtering set by default. You can use netdom to configure
SID filtering.
>
>Refer to the following article to use the netdom trust
command:
>
>NetDom Syntax
>http://www.microsoft.com/resources/documentation/WindowsSe
rv/2003/all/techre
>f/en-us/Default.asp?
url=/Resources/Documentation/windowsserv/2003/all/techre
>f/en-us/NetDom_syntax.asp
>
>If this is not the case, please double-check the
SIDHistory attribute.
>Also, please follow the steps below to isolate the
problem.
>
>To clarify, let us name domainA\u1 and domainB\u1 for a
migrated user u1
>.
>

---

• Next message: Jack Wang [MSFT]: "RE: Adding AD Account to NT Global"
• Previous message: Frances [MSFT]: "RE: Win2000 and NT4 migration to Win2003"
• In reply to: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Next in thread: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Reply: Frances [MSFT]: "RE: Migrating W2k3 to new W2k3 Domain"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages RE: Computer Acct Migration ... |Subject: RE: Computer Acct Migration ... |be able to find the SID. ... Create a SID mapping file, ... (microsoft.public.windows.server.migration) RE: ReACL when migration a FileServer between domains ... my understanding is the migration file server. ... We can simply migrate the user accounts with "Add" mode by preserving the ... SID history of the source domain in the target domain. ... (microsoft.public.windows.server.migration) RE: Computer Acct Migration ... I would like to suggest that we try a SID mapping file to see if the ... |Thread-Topic: Computer Acct Migration ... (microsoft.public.windows.server.migration) Re: sIDHistory & SID Filtering... ... If I can remove sIDHistory from AD all together, ... If you have already migrated the user accounts and kept the SID history. ... >successfully completed our migration and no longer require sIDHistory. ... (microsoft.public.windows.server.migration) RE: Data migration without trusts ... Each user account has a unique SID, and the NTFS authorization is based ... which mainly consists of SID ... not their SIDs directly when viewing the NTFS permissions? ... In addition, as for user profile, the USFT (User State Migration Tool) is ... (microsoft.public.windows.server.migration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)