SIDHistory and file moves

InteraX used Ask the Experts™
After I have migrated user accounts from one domain to another, I wish to move files from the servers in the old domain to servers in the new domain.

Obviously, the SID used in the security will be referencing the old SID that is now part of the SIDHistory. When I move the files, will the new server use the new SID of the account in the new domain, or the old SID of the account from the old domain?

I am hoping to eliminate the old SID's from the file systems so that I can clear the SIDHistories of the accounts in the AD.


Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Checkout SetACL - gpl, free to use software. IT can backup the ACLs on the folders, files, also it can backup and restore the ACLs, when you create a backup is list Domain\Accountname - so if you didn't rename your objects I would say that you should be able to to open the backup and find/replace.

If you need to sub one group/user for another, then checkout
Checkout SubinACL.

I have had past luck with both.

I am looking at using xcopy to perform the move.

Does this keep the original SID though?
xcopy with the right commands maintains the ACLs (which essentially are the SID of an object).

If i recall right you could copy, without maintaining permissions, and then ntfs inheritence would write new acls. Obviously test this first on a small folder.

The elegant way IMO is if the migration was done using ADMT (which may be the case as you mentioned sidhistory) then why not translate the security ensitu and then ntbackup the files across or any other way that maintains the new acls?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial