RE: [ActiveDir] SidHistory migration

[GRILLENMEIER,GUIDO (HP-Germany,ex1)]

2003 has SID-Filterning turned on by default for any external trusts to and from domain - i.e. access with SID-History should work fine as long as the resources your accessing are on servers that are members of the 2003 forest.   you can turn off SID-Filtering - this should resolve your problem.  However, as this feature generally decreases the attack surface for your 2003 forest in trusted environments, you really only want to consider this as an interims solution.    /Guido From: Pelle, Joe [mailto:[EMAIL PROTECTED] Sent: Freitag, 9. Januar 2004 16:37 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SidHistory migration We were going to do the inplace but we have no choice to do it this way.  Any suggestions?   Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324  Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/   This message may have included proprietary or protected information.  This message and the information contained herein are not to be further communicated without my express written consent.   From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 10:03 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SidHistory migration   Even if you did make it work, I would be uncomfortable with the complexity involved of permissions.  'Course I'm in a regulated industry, but still...   Any reason why you don't upgrade your domain in place?  Why the new domain again?   Why can't you get rid of the old domain and get rid of the sIDHistory from that migration?  In other words, why not complete the migration prior to migrating again?     Al   From: Pelle, Joe [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 9:04 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] SidHistory migration Hello, All!  Happy New Year!   I'm hoping you can help me figure this one out!   We've migrated from NT to 2000 with SIDHistory and have been running successfully for quite some time now.  We now want to move to 2003 with SIDHistory - which, will give our user accounts 3 SIDs (NT, 2000, 2003).  We've tested this in the lab and with the migration software we are using we are getting a successful SID migration, however, when logging in as a migrated user in 2003 I don't have the same access I had in 2000 (or NT).    It appears that SIDHistory is NOT working.  We have a two way trust between our two forests as well as trusts going back to NT.  I've disabled SID filtering on the 2003 trust.    Any help in this matter would be greatly appreciated!   Thanks!   Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324  Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/   This message may have included proprietary or protected information.  This message and the information contained herein are not to be further communicated without my express written consent.