ADMT SID History Question ?
From: Burnsie (stuartdavidburns_at_hotmail.com)
Date: 02/07/05
- Next message: Rebecca Chen [MSFT]: "RE: Migrating 2000 workstations to 2003 domain"
- Previous message: Rebecca Chen [MSFT]: "RE: Migrate from NT4 to Server 2003"
- Next in thread: Frances [MSFT]: "RE: ADMT SID History Question ?"
- Reply: Frances [MSFT]: "RE: ADMT SID History Question ?"
- Messages sorted by: [ date ] [ thread ]
Date: 7 Feb 2005 02:10:28 -0800
Do i need to run the Security Translation Wizard / Exchange Directory
Migration Wizard after i have migrated accounts including SID history
??
I am testing this in a lab and my view is no i don't have to run these
tools as SID history will have taken care of access to resources. (If
i'm wrong please explain why !)
Here is the setup :
NT4Domain - NT4 source domain
two way tust between domains
2k3Domain - 2003 AD target domain (2003 func level)
User accounts to be migrated are in NT4 domain.
Resources (file shares & exchange5.5 mailboxes) are in 2k3domain
I have migrated the user accounts with SID history and when i view
permissions on the resources they appear as the new account ie
2k3domain\miguser (without using any of the security translation wizard
/ exchange tools.) In which case why do i have to run these tools as
the permissions are the way i want them ?
If someone could expalin how SIDs are resolved this would probably help
explain it. ie when a resource has a ACE (SID) in a DACL where doe it
look to findout who owns the SID? does it look in its own domain first
then query trusted domains ?
My view is that you only need to run the sec trans wiz & exch dir mig
wiz if you are not using SID history ????
- Next message: Rebecca Chen [MSFT]: "RE: Migrating 2000 workstations to 2003 domain"
- Previous message: Rebecca Chen [MSFT]: "RE: Migrate from NT4 to Server 2003"
- Next in thread: Frances [MSFT]: "RE: ADMT SID History Question ?"
- Reply: Frances [MSFT]: "RE: ADMT SID History Question ?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
