If you are talking about the user's domain account it is a
guid, global unique id, the domain version of a sid. There can be only one of
these in a domain. Copying it would give you two of the same at the same time:
Forbidden.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Monday, June 14, 2004 3:02 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SID question
Can a SID be
"copied" from one account to another between domains in the same forest? The
scenario is this: account is migrated using ADMT from NT4 domain into child
domain in 2003 forest. An account with the same username is going to be copied
into the root from an external LDAP source. One of the higher ups here wants to
have the account in the root domain be what the user uses. So, he wants to know
if the SID can be "copied" from the account in the child OU, and then have the
child OU account deleted. I'm thinking no, but I wanted to make sure before
telling him that.
Thanks in
advance.
Chris Flesher
The University of Chicago
NSIT/DCS
1-773-834-8477