You are correct (both of you!) We do have the registry keys added, auditing enabled, and AD does have to be in Native mode (which we are in).
Still not too sure why the migration tool is not functioning properly???? (strange though how things work out so well when you have the sales rep/tech doing the initial training)...... Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print & Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -----Original Message----- From: Linton Smith (WBTQ) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 11:00 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: Migration tools and AD Graham, I believe you are correct. NT4 BDC's have no understanding of the sIDHistory attribute, so I don't see it could function in a mixed mode target domain. Most migration tools use the ClonePrincipal API to obtain the source sid, and this requires a few things: - TCPIPClientSupport registry setting on the PDC of the source domain - Auditing of user and group management enabled in both source and target domains HTH, Linton -----Original Message----- From: Graham Turner [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 27, 2002 8:31 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] OT: Migration tools and AD yes, but how does it keep the SID from the source domain - ADMT populates the SIDhistory attribute of the user object. the values of the SIDhistory and the SID of the account domain are added to the token at user logon. as i understand and from my original post the SIDhistory attribute is only available in native mode domains QUest and other domain tools must do things a bit differently ... GT only available how does it do ----- Original Message ----- From: "Pelle, Joe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 27, 2002 1:08 PM Subject: RE: [ActiveDir] OT: Migration tools and AD > If I understand your question correctly the tool for migration: Quest, > allows the user to make a decision to keep the SID's on the source domain(s) > or remove/disable them... > > Joe Pelle > Systems Administrator > Information Technology > Valassis / Targeted Print & Media Solutions > 35955 Schoolcraft Rd. Livonia, MI 48150 > Tel 734.632.3753 Fax 734.632.6240 > [EMAIL PROTECTED] > http://www.valassis.com/ > > This message may have included proprietary or protected information. This > message and the information contained herein are not to be further > communicated without my express written consent. > > > -----Original Message----- > From: Graham Turner [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 27, 2002 3:45 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] OT: Migration tools and AD > > would be interested to know how the access is maintained to resources in the > source domain - unless of course ALL references to the source account domain > global groups / user accounts are duplicated. > > GT > ----- Original Message ----- > From: "Weston Rogers" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, November 26, 2002 9:58 PM > Subject: RE: [ActiveDir] OT: Migration tools and AD > > > Not true, although I don't know what the requirements of the Quest > software are, I know DMW doesn't care about modes. > > -- > Weston Rogers > [EMAIL PROTECTED] > 800.849.5147 x255 > > -----Original Message----- > From: Graham Turner [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 26, 2002 4:50 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] OT: Migration tools and AD > > > is the target domain in native mode ?? > > understood to be mandatory for the sidhistory attribute > > GT > ----- Original Message ----- > From: Pelle, Joe > To: [EMAIL PROTECTED] > Sent: Tuesday, November 26, 2002 9:15 PM > Subject: [ActiveDir] OT: Migration tools and AD > > > Hello there! > I'd like to know if anyone has had any experience using Quest migration > tools? If so, I am having some specific issues migrating SIDHistory: I > am unable to move the SID history from my NT domain to my new AD > structure. I am successful migrating the user(s) but unable to get the > SID to come with them! > Quest suggests that I have SP2 installed for 128bit encryption when > migrating SIDHistory from client to server. I have SP3 already... > Any suggestions?! > Thanks! > Joe Pelle > Systems Administrator > Information Technology > Valassis / Targeted Print & Media Solutions > 35955 Schoolcraft Rd. Livonia, MI 48150 > Tel 734.632.3753 Fax 734.632.6240 > [EMAIL PROTECTED] > http://www.valassis.com/ > This message may have included proprietary or protected information. > This message and the information contained herein are not to be further > communicated without my express written consent. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
