> I have a new empty forest root (efr.something.com which is W2K3, brand new and > I have not set a functional level yet, it's what it would be natively upon creation).
That would be Win2000 mixed mode at the domain level (which doesn't support SID-History anyways) and Win2000 mode at the forest level... but if I read correctly, you don't want to migrate into the existing root domain anyways Instead, you want to "migrate to a NOT YET created child domain (cd1.efr.something.com)" => you'll have to turn off SID-Filtering on the trust between THIS (not yet existing) child domain and your source domain, not the root (as you SID-Filtering is configured per trust). To do so, you'll first have to create the child domain, set this domain to the Win2003 domain functional level (if you don't expect/want any 2000 DCs in this domain), then create the trust and turn off SIDfiltering on this trust (not from the root). At last, I expect that the error "The parameter quarantine:No was unexpected." comes from the fact that you are using the 2003 syntax, but the source domain is still Windows 2000, wich uses a different syntax for disabling SID-Filtering: NETDOM.EXE Trust sourcedom /Domain:targetdom /FilterSIDs NO /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Saturday, September 04, 2004 9:58 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Sid Filtering will not disable People,, I cannot get sid filtering to disable in my migration action. I have a new empty forest root (efr.something.com which is W2K3, brand new and I have not set a functional level yet, it's what it would be natively upon creation). I have a source domain in a different forest that I want to get ready to migrate to a NOT YET created child domain (cd1.efr.something.com) The W2K3 Server notes from efr state that in the trusting domain (the one I want to migrate "source.com" which is W2K mixed mode ) I need to disable sid filtering with the command: Netdom trust TrustingDomainName /domain:TrustedDomainName /quarantine:No /usero:DomainAdministratorAcct /passwordo:DomainAdminPwd so I type the following: Netdom trust source.com /domain:efr.something.com /quarantine:No /usero:Administrator /passwordo:source.comAdminPassword It returns "The parameter quarantine:No was unexpected. The parameter is incorrect: So I said, "Maybe it's because the child domain is not created yet and you can't migrate to an empty forest root." Then I said "No, how does it know it's an empty forest root. It does not know." So now I can't effect that command. Can anyone help me decipher my logic failure here? I really appreciate all the help(ers) on this list. It has been invaluable. And "For cripes sake joe", "Don't listen to Rick tell you to give just one line answers!" :-0 Just kidding. Love you "both". Thanks. ------------------------------------------------- Rocky Habeeb Microsoft Systems Administrator ------------------------------------------------- James W. Sewall Company Old Town, Maine ------------------------------------------------- 207.827.4456 habr @ jws.com www.jws.com ------------------------------------------------- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/