How to remove sid history

[Norman]

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Hi,
I am the "Domain Admin" of a child domain running W2K. I have some migrated
users that have SID History attributes. When I try to use ADSI to remove
their sidHistory attribute , I got the error message saying that I am not
the "owner of the sam account manager ".
What does that means ? Is there any other way to remove this attribute ?

Norman

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Norman,

The VBS script does a great job of this but you'll need to be VERY careful.
If your workstation migration didn't go perfectly, then when you pull the
SIDHistory, the profiles will dissociate and your users will create new
local profiles from the defaults.

I would suggest doing this manually for several users and systematically
test all of your applications. If this looks to be ok, then do a
domain-wide wipe of your SIDHistory using the VBS script.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Norman" <GeorgeNorman@hotmail.com> wrote in message
news:%23B062AbKFHA.1396@TK2MSFTNGP10.phx.gbl...
> Hi,
> I am the "Domain Admin" of a child domain running W2K. I have some
> migrated users that have SID History attributes. When I try to use ADSI to
> remove their sidHistory attribute , I got the error message saying that I
> am not the "owner of the sam account manager ".
> What does that means ? Is there any other way to remove this attribute ?
>
> Norman
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Norman wrote:
> Hi,
> I am the "Domain Admin" of a child domain running W2K. I have some migrated
> users that have SID History attributes. When I try to use ADSI to remove
> their sidHistory attribute , I got the error message saying that I am not
> the "owner of the sam account manager ".

You can use vbscript attached with this tool:
http://www.tbiro.com/projects/SHEdit/index.htm

--
Tomasz Onyszko [MVP]
T.Onyszko@w2k.pl
http://www.w2k.pl

 

[Norman]

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Tom, I am very nervous to run a authoritative restore just to remove an
attribute for users ( which is described in that tools ), is there any other
tools that do not require an Authoritative Restore ? Thanks.

Norman

"Tomasz Onyszko [MVP]" <T.Onyszko_nospam_@w2k.pl> wrote in message
news:%23ceE9CbKFHA.1396@TK2MSFTNGP10.phx.gbl...
> Norman wrote:
>> Hi,
>> I am the "Domain Admin" of a child domain running W2K. I have some
>> migrated users that have SID History attributes. When I try to use ADSI
>> to remove their sidHistory attribute , I got the error message saying
>> that I am not the "owner of the sam account manager ".
>
> You can use vbscript attached with this tool:
> http://www.tbiro.com/projects/SHEdit/index.htm
>
> --
> Tomasz Onyszko [MVP]
> T.Onyszko@w2k.pl
> http://www.w2k.pl

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Norman wrote:
> Tom, I am very nervous to run a authoritative restore just to remove an
> attribute for users ( which is described in that tools ), is there any other
> tools that do not require an Authoritative Restore ? Thanks.

I was only telling You to use ClearSIDHistory.vbs - this not requires
reboot. Similiar script can be found on polish technet site (I know that
You can't understand polish so simply go and take a look at last script
on this page):

http://www.microsoft.com/poland/technet/article/art014.mspx


--
Tomasz Onyszko [MVP]
T.Onyszko@w2k.pl
http://www.w2k.pl