Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to manually add SID History

Posted on 2006-11-15
1
Medium Priority
?
4,960 Views
Last Modified: 2012-08-13
We have a user account that was deleted out of Active Directory. We didnt catch it until it had replicated through our domain. We have backups, but i really dont want to go through the process of doing an authoritative restore to pull back one user account (we actually bought Quests Recovery Manager but are still waiting for it to come in...)

As you can imagine, the user account was recreated, but now we are running into issues where emails are bouncing back and a slew of other problems. I was able to pull his string SID from a report of recently deleted users. I was able to convert his string SID into HEX using this site:

http://blogs.msdn.com/oldnewthing/archive/2004/03/15/89753.aspx

When i go into ADSI Edit to add this converted SID into the user accounts SIDHistory i get "Access is Denied". I read in a couple of forums that this is to be expected because of the potential security breaches that could occur, but i also found a link to a page on the MSDN site that outlined prerequisites that must be met before you could manually add the SID. Unfortunately that site has been moved or is no longer in the MSDN section. I am pretty sure that if i can reattach his old SID then all of his problems would be resolved (permissions, emails bouncing, etc). I dont know that i can use ADMT since i am not moving to another Domain, but i could be completely off on how that utility works. If any one could provide some insight on this issue i would greatly appreciate it.
0
Comment
Question by:aggiejon04
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 26

Accepted Solution

by:
Pber earned 1000 total points
ID: 18019988
You are right, you can't do it from ADSIedit, too much of a security hole.

Look for a file called sidhist.vbs that will be included in the 2003 support tools.  Just run the vbs file for the syntax.  It requires you to map it back to a specific user from the old domain, you can't just plug any old sid in there.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question