is it posible to change user's sid

4 Mar 2006 9:31 AM

guzzi

How could i clone user from one domain to another?
Beside that SID is there anything else that will be always different?

TIA

4 Mar 2006 10:31 AM

Jorge de Almeida Pinto [MVP]

when migrating (cloning) users the SID and the GUID changes. to do that you
can use ADMT or the clone principal scripts.with both you can migrate the
old SID into the sidhistory of the new user.
be aware that a best practise use of sidhistory is temporary. you should
clean it afterwards

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------

Show quoteHide quote

"guzzi" <guzzi@_DOT_yandex.ru> wrote in message
news:ePMvm52PGHA.2436@TK2MSFTNGP11.phx.gbl...
> How could i clone user from one domain to another?
> Beside that SID is there anything else that will be always different?
>
> TIA

4 Mar 2006 12:26 PM

Dean Wells [MVP]

Your subject line and question seem to contradict one another so I
confess to being a little unsure what you're after.

To address the subject line; yes and no, IMO it's more a perspective.
In essence, the name of a particular user is little more than a ~unique
point of reference to the place where the drectory stores tidbits of
useful information (telephone number, password, DOB, etc.) and the
user's true identity (by that I'm referring to their security identity
not their super-secret alter-ego). My point is this, the SID _is_ the
user. To change a user's SID, delete or rename the existing user,
create another with the same name and configure it accordingly (place it
in the same groups, etc.).

Cloning can be performed using any number of tools including those
mentioned by Jorge (which are free by the way) (pay careful attention to
whether the source and target domains are in the same forest vs. in
different forests and what mode the domain is running in).

Again, as Jorge mentions, the GUID and SID for any two objects are
~guaranteed to be unique (the GUID has little baring outside of
system-only purposes ... there are some, but they're few and far
between). Active Directory also attempts to enforce uniqueness on a per
domain or per forest basis for a number of other identity related
properties, for example - sAMaccountName, userPrincipalName.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

guzzi wrote:

Show quoteHide quote

> How could i clone user from one domain to another?
> Beside that SID is there anything else that will be always different?
>
> TIA

4 Mar 2006 3:00 PM

guzzi

i'm asking that coz we gonne migrate our existing domain to another new
one. So i'd like to know, should i create it from the scratch including
all (~40) users accounts and then fight with SharePonit migration (it
check user name and SID), Exchange 2003 migration (or should i install
exchange from the scratch, but i need to migrate at least Calendar).

Or do you think it would be better to add new domain to forest and then
use ADMT?

Thanks

4 Mar 2006 4:14 PM

Paul Williams [MVP]

Yes of course. Anything is better than "from scratch". Migration is the
way forward from what you are saying.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net