Eltoro83
asked on
Issues automating the addition of sidhistory values with ADMT
Just looking into consolidating 2 NT4 (DOM1 & DOM2) domains to 2003 AD (AD1). Fairly standard stuff.
The two seperate NT4 domains currently have identical users and groups. A legacy design we ultimately want to get rid of.
The idea is with the 2003 domain all resources from both be accessed as they were before with a single sign on.
The current plan was to initially migrate users, groups and workstations from both domains to the 2003 domain, and initially have these two NT4 domains exist as resource domains (servers, printers etc) until they can be upgraded. ADMTv3 is then run on the 2003 DC and completes the migration of users & groups with SIDHistory with no dramas. Resources are accessible everything works well. e.g. (DOM1\user1 = AD1\user1)
The same migration process with ADMT is applied to the second domain. Failures are expected as the objects already exist, however I was hoping the SIDHistory of the second domain would be appended to the 2003 domain equivalent principle. This does not occur, it just errors out with object already exists. (DOM2\user1 != AD1\user1)
LDP confirms that no additional SIDs have been written.
So my question is this: Is it possible to append additional SIDs to the SIDHistory attribute by an automated means? (ideally ADMT or something similar) I have seen a few vbs scripts that perform seem to perform similar functions, but keen to know if a application has already been designed to do this.
Im sure the solution is something simple that I have overlooked, but I can't seem to automate this process. Thankful for any input.
The two seperate NT4 domains currently have identical users and groups. A legacy design we ultimately want to get rid of.
The idea is with the 2003 domain all resources from both be accessed as they were before with a single sign on.
The current plan was to initially migrate users, groups and workstations from both domains to the 2003 domain, and initially have these two NT4 domains exist as resource domains (servers, printers etc) until they can be upgraded. ADMTv3 is then run on the 2003 DC and completes the migration of users & groups with SIDHistory with no dramas. Resources are accessible everything works well. e.g. (DOM1\user1 = AD1\user1)
The same migration process with ADMT is applied to the second domain. Failures are expected as the objects already exist, however I was hoping the SIDHistory of the second domain would be appended to the 2003 domain equivalent principle. This does not occur, it just errors out with object already exists. (DOM2\user1 != AD1\user1)
LDP confirms that no additional SIDs have been written.
So my question is this: Is it possible to append additional SIDs to the SIDHistory attribute by an automated means? (ideally ADMT or something similar) I have seen a few vbs scripts that perform seem to perform similar functions, but keen to know if a application has already been designed to do this.
Im sure the solution is something simple that I have overlooked, but I can't seem to automate this process. Thankful for any input.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER