Re: SID Filtering vs. SIDhistory

From: Eric Fleischman [MSFT] (efleis_at_online.microsoft.com)
Date: 01/27/04 

Date: Mon, 26 Jan 2004 17:15:10 -0600

A somewhat more pointed question: is this a domain trust or a forest trust?
And what is the OS on both sides of the trust?

Thanks!
~Eric 

-- 
Eric Fleischman [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Laura A. Robinson [MVP]" <geekwench@snippit.hotmail.com> wrote in message
news:MPG.1a7f5fd749d30226989744@nn.bloomberg.com...
> In article <ux2BPAF5DHA.360@TK2MSFTNGP12.phx.gbl>, rich_roller@*REMOVE-
> THIS*whitney.org says...
> > We're about to do a important ADMT migration from NT to AD
> > (WS2003), in which we chose to migrate SIDhistory which we relied
> > on for backward access to NT resources.  All of our testing so far
> > was based on two-way trusts that were setup with SID Filtering,
> > which is the default for WS2003.
> >
> > Our testing was generally quite positive and SIDhistory, from all
> > we can tell, was working OK (except for built-in users & built-in
> > groups which we understood ADMT would not migrate/SIDhistory)
> >
> > What's really puzzling me about this is that in several places,
> > including the "new trust wizard", it says that if SID Filtering is
> > turned on then things like SIDhistory will not work properly.
> > We've confirmed (using netdom) that our trusts indeed have SID
> > Filtering enabled so what's the deal?  How come it looks to us
> > like SIDhistory is working?
> >
> > We're about to do our *real, production* migration and we're
> > wondering if we should disable SID Filtering?
> >
> > TIA,
> >
> > Rich
> >
> >
> >
> How have you verified SIDHistory? Have you looked at the attribute?
>
> Laura

Relevant Pages

  • Re: Merge networks
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ... SID filtering is ALWAYS configured on the outgoing part of a trust! ...
    (microsoft.public.windows.server.active_directory)
  • Re: sidHistory and DomainUsers
    ... It looks like a SID filtering issue but SID filtering is off. ... Trust type: Intra-forest ... So let's get a few more details - one of the forests is running in ... Also you should know that the migration take place ...
    (microsoft.public.windows.server.active_directory)
  • Re: W2k3 AD migration to W2k3 AD - HELP HELP!!
    ... Setup trusts (if an external trust is configured and sidhistory is used, ... Install and configure migration tooling ... Translate security of the data/resources from source security ...
    (microsoft.public.windows.server.migration)
  • Re: SID Filtering and trust
    ... SIDHistory is an attribute in the User object and the SIDHistory attributes ... I think the fear is that in the migration, SID filtering ... trust that is used there is the normal way of using ADMT to W2k3 -- so I ... > Recently,one of our sites's local system admin insist to upgrade their DC ...
    (microsoft.public.win2000.active_directory)
  • Re: SID Filtering and trust
    ... SIDHistory is an attribute in the User object and the SIDHistory attributes ... I think the fear is that in the migration, SID filtering ... trust that is used there is the normal way of using ADMT to W2k3 -- so I ... > Recently,one of our sites's local system admin insist to upgrade their DC ...
    (microsoft.public.windows.server.active_directory)