Dave, Have you gotten an answer yet that satifies you?
In the ACLs, or more appropritately, the Security Description, you can find both SIDs and GUIDs. Some of these may have to do with your recent upgrade. Others may not. This is where caution comes in. Typically, if you give them time to resolve, and they don't - your should be able to remove them. Especially if you use SID2USER and get an invalid on non-existent return. When going from Windows NT 4.0 to Windows 2000, a SID should only reference an object from Windows NT 4.0. A GUID shouldn't, as a GUID doesn't have any meaning in NT 4.0 speak. Like NDS, AD can and does use GUIDs to identify many objects in the ACLs. SIDs, for the greater part, are a legacy throwback - hence the reason that they weill be around in MS products for a while yet. Me, I'd be happy to see them go.... Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Kinnamon > Sent: Wednesday, February 12, 2003 9:04 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Resolving a GUID > > > I recently noticed that I have a number of GUIDs listed in my > Default Domain Controllers Policy. Months ago I had upgraded > my NT4 PDC and I'm assuming all of these values came from > that process. I have deleted a number of old accounts since > my upgrade. > > Is there any way to manually check if that GUID references > any current object in AD? Can I safely delete them since > they don't "resolve"? > > > > Dave Kinnamon > Network Administrator > ETC International > > p. 608-662-2314 > m. 608-209-0609 > f. 608-662-8514 > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
