Re: SID Hitory Not Working after ADMT 3 Migration

---

• From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
• Date: Thu, 06 Jul 2006 05:11:55 GMT

---

Hi Greg,

As you said "Which is located on the user accounts profile tab" , are you
using roaming profile? Did the the server which stored the profile migrated
or not?


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

From: "Greg H" <gphalpin@xxxxxxxxx>
Newsgroups: microsoft.public.windows.server.migration
Subject: Re: SID Hitory Not Working after ADMT 3 Migration
Date: 5 Jul 2006 13:59:57 -0700
Organization: http://groups.google.com
Lines: 105
Message-ID: <1152133197.214710.116070@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1151702606.593288.140430@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
<eYYCT5AoGHA.4124@xxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 128.118.17.15
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1152133202 15428 127.0.0.1 (5 Jul 2006

21:00:02 GMT)

X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Wed, 5 Jul 2006 21:00:02 +0000 (UTC)
In-Reply-To: <eYYCT5AoGHA.4124@xxxxxxxxxxxxxxxxxxxx>
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;

..NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)

Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: a14g2000cwb.googlegroups.com; posting-host=128.118.17.15;
posting-account=Ke3t7g0AAADgUVDPAh-d2SjTPvyYW4bD
Path:

TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00
..sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.
giganews.com!nntp.giganews.com!postnews.google.com!a14g2000cwb.googlegroups.
com!not-for-mail

Xref: TK2MSFTNGXA01.phx.gbl

microsoft.public.windows.server.migration:24325

X-Tomcat-NG: microsoft.public.windows.server.migration

Yes, I have disabled SID filtering and I have enabled SID history using
the netdom trust command.
Sid history via groups is working. As for Home directories, I'm to the
user's home folder, which is located on the user accounts profile tab.
I'm also referring to folders on servers to which I gave just one user
specific access. The users cannot a
curieux wrote:

Hi Greg H,

Have you disable SID filtering ?
How-to :

http://technet2.microsoft.com/WindowsServer/en/Library/52b395b4-0313-47d8-87
d4-fb1dd4d5c4701033.mspx?mfr=true

Explication des liaisons entre Migration et filtrage Sid :

http://technet2.microsoft.com/WindowsServer/en/Library/bde2f3b0-3cd9-46f3-85
5f-4a39a25f98ee1033.mspx?mfr=true

Best regards,
Curieux


"Greg H" <gphalpin@xxxxxxxxx> a écrit dans le message de news:
1151702606.593288.140430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hello All,
I have read a lot of posts and found a lot of good information for the
migration we are doing but cannot find an answer to a SID history
problem we have.

I am using ADMT 3.0 to migrate users from a Windows 2000 domain to a
Windows 2003 domain in a separate forest. When I migrate the users,
the log shows that SID history was added to the users new account in
the new domain. A log sample is below. I did not migrate groups
because we need to clean up our groups and are creating new groups in
the new domain. Even when I tried migrating groups, SID history did
not work.

I have also disabled SID filtering using the netdom trust tool but

that

did not correct the problem. I have restarted the domain controllers
several times. Also, I'm not referring to built-in groups. I'm
referring to Domain Local and Global groups that we created to
permission data.


Using the security translation tool, the users still have their
profiles on their computers but they cannot access resources in the

old

domain unless we add them to a Domain Local group in the old domain or
repermission the old resources.


I appreciate any help on this.


Thanks,


Greg


[Settings Section]
Task: User Migration (9)
ADMT Console
User: UDLA\mstreet
Computer: laitpndns02.UDLA.tsu.edu (LAITPNDNS02)
Domain: udla.tsu.edu (CLA)
OS: Microsoft Windows Server 2003 R2 5.2 (3790) Service

Pack 1
Source Domain
Name: fsip.tsu.edu (FSIP)
DC: MAZDA.fsip.tsu.edu (MAZDA)
OS: Windows 2000 Server 5.0 (2195) Service Pack 4
OU:
Target Domain
Name: udla.tsu.edu (UDLA)
DC: laitpndns02.udla.tsu.edu (LAITPNDNS02)
OS: Windows Server 2003 5.2 (3790) Service Pack 1
OU: LDAP://udla.tsu.edu/OU=Staff,OU=Standard,OU=CLA User
Accounts,DC=udla,DC=tsu,DC=edu
Intra-Forest: No
Password Option: Copy passwords, only for new objects = No
Password Export Server: MAZDA.fsip.tsu.edu
Migrate Security Identifiers: Yes
Update Rights: No
Translate Roaming Profiles: No
Fix group membership: Yes
Conflict Option: Ignore
Source Disable Option: Leave source account
Source Expiration: Do not expire source account
Target Disable Option: Set target same as source
Migrate groups: No
Migrate service accounts: Yes


[Object Migration Section]
2006-06-30 09:44:07 Starting Account Replicator.
2006-06-30 09:44:08 CN=data migrate - Created
2006-06-30 09:44:08 SID for FSIP\dmigrate added to the SID History of
UDLA\dmigrate
2006-06-30 09:44:09 CN=data migrate - Password Copied.
2006-06-30 09:44:09 Operation completed.

.

---

• Follow-Ups:
  • Re: SID Hitory Not Working after ADMT 3 Migration
    • From: Greg H

• References:
  • SID Hitory Not Working after ADMT 3 Migration
    • From: Greg H
  • Re: SID Hitory Not Working after ADMT 3 Migration
    • From: Greg H

• Prev by Date: RE: Reuse Server Name
• Next by Date: RE: NT4.0 to 2003 Trust Error
• Previous by thread: Re: SID Hitory Not Working after ADMT 3 Migration
• Next by thread: Re: SID Hitory Not Working after ADMT 3 Migration
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: exchange 5.5 test lab ... Is SID history a requirement when migrating NT4.0 accts to a new ... this would be consider as an inter-org migration since an exchange org ... Hope I am not making this too difficult but perhaps my migration path should ... | migration tool NetIQ to migrate all our NT accounts to win2003. ... (microsoft.public.exchange.admin) Re: NT4 to W2003 Server ... > If you dell machine support NT, you can format the Dell machine to install ... > user accounts, groups, and other settings from the PDC. ... > With regards to the user profile, if you have used roaming profile, the ... > Active Directory Migration Tool Overview ... (microsoft.public.windows.server.migration) RE: Profile migration ... There are several methods to migrate the user profile. ... ADMT to achieve this goal. ... Remigrating User Accounts and Workstations in Batches ... Use USMT - the user state migration tool. ... (microsoft.public.windows.server.migration) ADMT SID History Question ? ... Do i need to run the Security Translation Wizard / Exchange Directory ... Migration Wizard after i have migrated accounts including SID history ... User accounts to be migrated are in NT4 domain. ... (microsoft.public.windows.server.migration) RE: Profile problem during migration ... We are migrating with SID History. ... Can we use the same article for our migration? ... > profile translation in add mode, software installation by means of software ... > packages) might not function after the profile is translated. ... (microsoft.public.windows.server.migration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.migration  > 2006-07