Copy SID of User from One domain to another
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)
I have Users A in domain A and User B in domain B (in separate forest) -
same user just different accounts in different forest/domain.
I will be collapsing / geting rid of Domain A - how can I merge the SID of
User A into his User B account?
thanks.
I have Users A in domain A and User B in domain B (in separate forest) -
same user just different accounts in different forest/domain.
I will be collapsing / geting rid of Domain A - how can I merge the SID of
User A into his User B account?
thanks.
More about : copy sid user domain
Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)
you'll need to leverage SIDhistory in Domain B - i.e. you're Domain B users
will have an additional SID of the Domain A users, after you've added Domain
A user's SID to the SIDhistory attribute of the respective Domain B user.
But don't forget, that the User's SID is often the least of your worries =>
it's the groups that typically grant most access for users so you'll want to
merge their SID to appropriate groups in the other forest as well and (just
as important) add the Domain B users to the appropriate groups that the
Domain A users belonged to.
This can be done via script (leveraging the ClonePrincipal API -
http://www.microsoft.com/resources/documentation/Window...)
or by using more powerful tools which do it UI based and much more
automated.
Microsoft's ADMTv3 (still beta) is quite powerful and it's worth to use the
beta instead of ADMTv2. Also have a look at third party tools such as Quest
Migration Manager.
/Guido
"Randy R." <rcrose@varco.com> wrote in message
news:%23Y4FkDM5EHA.2568@TK2MSFTNGP11.phx.gbl...
> I have Users A in domain A and User B in domain B (in separate forest) -
> same user just different accounts in different forest/domain.
>
> I will be collapsing / geting rid of Domain A - how can I merge the SID of
> User A into his User B account?
>
> thanks.
>
>
you'll need to leverage SIDhistory in Domain B - i.e. you're Domain B users
will have an additional SID of the Domain A users, after you've added Domain
A user's SID to the SIDhistory attribute of the respective Domain B user.
But don't forget, that the User's SID is often the least of your worries =>
it's the groups that typically grant most access for users so you'll want to
merge their SID to appropriate groups in the other forest as well and (just
as important) add the Domain B users to the appropriate groups that the
Domain A users belonged to.
This can be done via script (leveraging the ClonePrincipal API -
http://www.microsoft.com/resources/documentation/Window...)
or by using more powerful tools which do it UI based and much more
automated.
Microsoft's ADMTv3 (still beta) is quite powerful and it's worth to use the
beta instead of ADMTv2. Also have a look at third party tools such as Quest
Migration Manager.
/Guido
"Randy R." <rcrose@varco.com> wrote in message
news:%23Y4FkDM5EHA.2568@TK2MSFTNGP11.phx.gbl...
> I have Users A in domain A and User B in domain B (in separate forest) -
> same user just different accounts in different forest/domain.
>
> I will be collapsing / geting rid of Domain A - how can I merge the SID of
> User A into his User B account?
>
> thanks.
>
>
Related ressources:
- ForumRemoved user from one domain and added to another . Noteboo..
- ForumHow copy user and group from one server to another
- ForumReplacing domain SID on ACE's in DACL
- ForumImpoting User names and SId 's to different forest
- ForumAssociating Domain Account With Local User Profile
- ForumsID shows in permissions instead of domain users
- ForumMoving user profile when joining a domain
- ForumRebuild PDC & SID question
- ForumSID Forging Please Urgent
- Forumhow to change the domain name
- Forumcreate user account from one domain to another domain
- ForumResolving Sid to User Name when Examining DACL
- ForumChange settings from one user to another
- Forumuser account cannot be "deleted"
- ForumIs every user a member of Users?
- ForumWindow XP schduler cannot copy file from workgroup pc to a domain server when co
- Forumcopying user profiles to another machine (NT4 workstation)
- ForumGPO applies to one user and not to another ??
- Forum" User rights Assignment" - catch 22
- ForumParallel and com ports not appearing in device manager
- More resources
!
