Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 832
  • Last Modified:

Microsoft, Active Directory, 2003, SID History - Is source domain necessary for history to work?

I have two domains (one NT4 & one 2003) that I want to migrate into a third (2003).  I intend to use SID history to save re-permissioning all resources/file shares (will be done at a later date).

My questions is;  If I migrate with SID History (which I've tested and works okay) and then remove the source domains will the access to resources still work?  

I guess with the source domain gone, when I view the security on a resource I will not be able to view the group/user names permissioned for it but just see the SID of the now removed group/user... true?  But will access still be possible?

Hope this makes sense!


1 Solution
dalmsAuthor Commented:
I think the solution to my situation maybe in the use of the 'Security Translation Wizard' to repalce old SID with new.

Any thoughts welcome.
It will continue to work with or without the original domain's presence.  The process of Authorization places implicit trust in the token and does not validate its content (at least in any way related to this), as a result, it is not even aware that one of the SIDs came from sIDHistory nor does it attempt to validate that the domain authority still exists.

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now