| Author |
Message |
Joe Marr
Guest
|
 Posted:
Tue Oct 18, 2005 12:50 pm Post subject:
SidHistory Issues |
|
|
Im in the middle of preparing for a migrating a division within my company
from NT to my 2000/2003 AD domain.
Using ADMT I have migrated some test users from the NT 4.0 domain over to my
AD setup. I made sure that sidhistory was checked and later verified that it
was present (via LDAP).
My problem is that the test users cannot access any of the resources in the
NT 4.0 domain.All of them recieve a denied when we try to access something.
It seems like they SID is being filtered, and I found a technet article
about 2003 domain controllers automatically doing so
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/01e5cf71-b317-4967-82a2-75b7b632b746.mspx)
Any thoughts or suggestions? |
|
| Back to top |
|
 |
Vincent Xu [MSFT]
Guest
|
| Posted:
Wed Oct 19, 2005 8:38 am Post subject:
RE: SidHistory Issues |
|
|
Hi Joe,
That is reasonable. Let me know if you need help about this.
Best regards,
Vincent Xu
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
--------------------
| Quote: | From: "Joe Marr" <joe.marr@brodart.com
Subject: SidHistory Issues
Date: Tue, 18 Oct 2005 08:31:01 -0400
Lines: 16
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Message-ID: <#RgLO$90FHA.2932@TK2MSFTNGP10.phx.gbl
Newsgroups: microsoft.public.windows.server.migration
NNTP-Posting-Host: host-12-29-172-245.static.brodart.com 12.29.172.245
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:12367
X-Tomcat-NG: microsoft.public.windows.server.migration
Im in the middle of preparing for a migrating a division within my
company
from NT to my 2000/2003 AD domain.
Using ADMT I have migrated some test users from the NT 4.0 domain over to
my
AD setup. I made sure that sidhistory was checked and later verified that
it
was present (via LDAP).
My problem is that the test users cannot access any of the resources in
the
NT 4.0 domain.All of them recieve a denied when we try to access
something.
It seems like they SID is being filtered, and I found a technet article
about 2003 domain controllers automatically doing so
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Op
erations/01e5cf71-b317-4967-82a2-75b7b632b746.mspx)
Any thoughts or suggestions?
|
|
|
| Back to top |
|
|
Dipti
Guest
|
| Posted:
Mon Oct 24, 2005 4:51 pm Post subject:
RE: SidHistory Issues |
|
|
Assuing you have created external trust between NT4 and win2003, SID
filtering is enabled by default on external trust. You can disable that Using
AD domain and trust during the trust creation or you can do it later by using
Netdom trust command with parameter Quarantine:No. Make sure you do this for
both domain. I learned it the hard way. Please review article
Disable SID filtering
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/52b395b4-0313-47d8-87d4-fb1dd4d5c470.mspx.
--
Dipti
"Joe Marr" wrote:
| Quote: | Im in the middle of preparing for a migrating a division within my company
from NT to my 2000/2003 AD domain.
Using ADMT I have migrated some test users from the NT 4.0 domain over to my
AD setup. I made sure that sidhistory was checked and later verified that it
was present (via LDAP).
My problem is that the test users cannot access any of the resources in the
NT 4.0 domain.All of them recieve a denied when we try to access something.
It seems like they SID is being filtered, and I found a technet article
about 2003 domain controllers automatically doing so
(http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/01e5cf71-b317-4967-82a2-75b7b632b746.mspx)
Any thoughts or suggestions?
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in