Powershell: sidhistory

Hello experts,

Is there a way to save the sidHistory attribute values prior to removing it for a user/group and restore these if there is an issue with a script.

Looking forward to you assistance.

Thanks.
Parity123Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
No. You can save the old values, but it won't do you any good, because the sidHistory attribute is controlled by the system and can only be set during a migration. You are obviously allowed to remove it once the migration is complete, but you can not write arbitrary values to it. You'd have to migrate the users again.

SID-History attribute
https://msdn.microsoft.com/en-us/library/ms679833(v=vs.85).aspx
* Update Privilege: This value is set by the system.
* Update Frequency: Each time the object is moved to a new domain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PberSolutions ArchitectCommented:
It looks like you may be able to do this:  https://alwinperotti.wordpress.com/2013/03/29/update-the-sidhistory-attribute-for-existing-accounts-with-powershell/  Provided the trust is still there.  Never Tried it.

I think you are looking for a backout plan.   As oBdA mentioned, you can save it so you can cross reference the old SID incase there was some old SIDs that didn't get migrated.

Probably best idea would be to remove the trust for a period of time and see what breaks.  If issues arise, you can re-establish the trust quickly to get going again.  Or fix the security using the new SIDs.  If you can run with the trust removed for an extended period of time, you can be confident with removing the sIDHistory.
0
PberSolutions ArchitectCommented:
I think this deserves a split.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.