|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
ADMT and SIDHistoryIf I tell the ADMT to use SIDHistory, what is that, basically copying over
all it's group membership info (i.e. "memberOf"? -- Spin No, SIDHistory provides the ability for migrated security principals (e.g.
users and groups) to retain access to resources in the old domain. The idea is that it gives you time to update the permissions on existing resources at some point after the migration has completed to reflect the new accounts or groups. The migrated user acquires a Security Identifier (SID) in the target domain and SIDHistory provides the ability for the migrated user to retain the SID from the source domain. Consider the concept of SIDHistory as analogous to travelling with two passports. The new passport allows you visit to a new set of countries, while the old passport allows to to retain the access to the countries you previously were allowed to visit. Once the migration is complete and you have re-permissioned all the resources to provide the required level of access to the new accounts and groups you should remove the SIDHistory attribute from the migrated objects. Google the Microsoft Knowledge Base for SIDHistory for further information. Tony www.activedir.org Show quoteHide quote "Spin" wrote: > If I tell the ADMT to use SIDHistory, what is that, basically copying over > all it's group membership info (i.e. "memberOf"? > > -- > Spin > > > Thank you.
-- Show quoteHide quoteSpin "Tony Murray" <TonyMur***@discussions.microsoft.com> wrote in message news:07C05EBA-968A-4BBD-8C4F-DD31A340E7C7@microsoft.com... > No, SIDHistory provides the ability for migrated security principals (e.g. > users and groups) to retain access to resources in the old domain. The > idea > is that it gives you time to update the permissions on existing resources > at > some point after the migration has completed to reflect the new accounts > or > groups. > > The migrated user acquires a Security Identifier (SID) in the target > domain > and SIDHistory provides the ability for the migrated user to retain the > SID > from the source domain. > > Consider the concept of SIDHistory as analogous to travelling with two > passports. The new passport allows you visit to a new set of countries, > while the old passport allows to to retain the access to the countries you > previously were allowed to visit. > > Once the migration is complete and you have re-permissioned all the > resources to provide the required level of access to the new accounts and > groups you should remove the SIDHistory attribute from the migrated > objects. > > Google the Microsoft Knowledge Base for SIDHistory for further > information. > > Tony > www.activedir.org > > "Spin" wrote: > >> If I tell the ADMT to use SIDHistory, what is that, basically copying >> over >> all it's group membership info (i.e. "memberOf"? >> >> -- >> Spin >> >> >> 
Other interesting topics
setting account expire date problem
Upgrading to Windows 2003 from Windows 2000 Failed to open the group policy object AD replication after a year Unable to assign TerminalServicesHomeDrive Letter using script. Least amount of privileges Loading GPMC How to setup an account as non Domain admin to join comps to domai Set et "inherit from parent the permission" on multiple user objects at same time User Name in AD |
|||||||||||||||||||||||
