SIDHistory and kerberos max token size
- From: "P" <p@xxxxx>
- Date: Tue, 26 Sep 2006 16:49:55 +0800
Hi
I have to migrate from one win2003 native domain to another in the same
forest. Currently, kerberos max token size on the client had to be modified
because each user is a member of almost 1000 groups (don't ask ).
As per http://support.microsoft.com/kb/327825, max token size is 100000
An AD policy has been set to do this domain wide.
Now if I migrate the users and groups over a staged timeframe, will the
SIDHistory attribute have any negative impact on this? It doesn't change how
many groups the user is a member of, but the groups themselves will have a
sid history as well as the user accounts right?
Some of sites this current domain services are remote where the resource
server is also the domain controller. Therefore the resources will still be
on a server in the old domain for a while until all the users and groups are
cut over.
Will I have to be careful here? Will this catch me out?
regards
Paul
.
- Follow-Ups:
- RE: SIDHistory and kerberos max token size
- From: Vincent Xu [MSFT]
- RE: SIDHistory and kerberos max token size
- Prev by Date: Universal Groups
- Next by Date: Security Translation on ADMT2.0 problem
- Previous by thread: Universal Groups
- Next by thread: RE: SIDHistory and kerberos max token size
- Index(es):
Relevant Pages
|
