RE: SIDHistory and kerberos max token size

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi,

Totally no relationship. As well as, it increaed the token size. You don't
need to worry about this.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: "P" <p@xxxxx>
Subject: SIDHistory and kerberos max token size
Date: Tue, 26 Sep 2006 16:49:55 +0800
Lines: 27
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-RFC2646: Format=Flowed; Original
Message-ID: <ueyk3iU4GHA.3400@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.migration
NNTP-Posting-Host: 203.19.211.250
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:25142
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi

I have to migrate from one win2003 native domain to another in the same
forest. Currently, kerberos max token size on the client had to be
modified
because each user is a member of almost 1000 groups (don't ask ).

As per http://support.microsoft.com/kb/327825, max token size is 100000

An AD policy has been set to do this domain wide.

Now if I migrate the users and groups over a staged timeframe, will the
SIDHistory attribute have any negative impact on this? It doesn't change
how
many groups the user is a member of, but the groups themselves will have
a
sid history as well as the user accounts right?

Some of sites this current domain services are remote where the resource
server is also the domain controller. Therefore the resources will still
be
on a server in the old domain for a while until all the users and groups
are
cut over.

Will I have to be careful here? Will this catch me out?

regards

Paul




.

Relevant Pages

  • Re: SIDHistory and kerberos max token size
    ... Migrated groups to new domain now many, many reports of "too many security ... kerberos max token size on the client had to be ... SIDHistory attribute have any negative impact on this? ... Some of sites this current domain services are remote where the resource ...
    (microsoft.public.windows.server.migration)
  • Re: resources name question
    ... Project Name % completed start date finish date resource ... If you are NOT using Project Server then we are still not understanding ... fields displayed on the "Project Coordinator" sheet? ...
    (microsoft.public.project)
  • Re: resources name question
    ... Project Name % completed start date finish date resource ... If you are NOT using Project Server then we are still not understanding ... Project Manager Sheet: ...
    (microsoft.public.project)
  • Re: Is there any difference in invoking FrontPageRPC in SPS and WSS?
    ... I'm trying to build a tree structure in windows forms. ... Kit Kai ... If that resource is a list, ... > Best Regards, ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: Why am I unable to see BCWS values for tasks?
    ... Can anything be done to rectify the situation and get a BCWS value? ... Regards ... > May be some resource Standard Rates have been set *after * the schedules are ... >> I inherited some project schedules. ...
    (microsoft.public.project)