Title: Transitive Access through a trust with NT 4.0
Perfect explanation, even with your limited experience ;-)
 
He may still want to use the NT4 account in the transition phase after the migration.
 
/Guido


From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Thursday, 11 March 2004 18:15
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Transitive Access through a trust with NT 4.0

Does not work from my limited experience. Say your NT 4 user resolves to Sid A. Migrate it to AD, and now it's Sid B + SidHistory A. If you permission a resource in AD to the migrated account, the DACL on the resource will only reference Sid B. The NT 4 user can only say "I am Sid A," so the access attempt fails. If it worked, there would be some sort of SidFuture concept being tossed. Perhaps a neat idea, but I'd guess neatly impossible to implement.
 
But if you've migrated the account, why would you want to access it with the old NT 4 account instead of using the new AD account?
 
Hunter


From: Kent Maxwell [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 8:55 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Transitive Access through a trust with NT 4.0

Currently we have two environments: 1) Windows 2003 Active Directory and 2) an NT 4.0 domain.

We have established a trust between the ADS and the NT 4.0 domain.  We have migrated users from the NT 4.0 domain to the ADS with SIDHistory.  If I am logged into the ADS I can access resources from the NT 4.0 domain under the same context as my user in NT 4.0.  This works ok.

Is it possible for me to enable access for my NT 4.0 user to access a resource in the ADS by only defining the ADS user to the resource because I migrated the NT 4.0 SID into the SIDHistory attribute?  If so, how?

Thanks,

Kent
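
Added example, not part of the original thread: a small Python model of the access check described in Hunter's reply, showing why SIDHistory helps only in one direction. The SIDs, the `Account` class and the function names are constructed for illustration; only allow ACEs and user SIDs are modelled, and sIDHistory is assumed to be honoured across the trust, as the thread reports.

```python
from dataclasses import dataclass, field

# Constructed SIDs for illustration only.
NT4_SID = "S-1-5-21-1000-1000-1000-1105"  # "Sid A": account in the NT 4.0 domain
AD_SID = "S-1-5-21-2000-2000-2000-2310"   # "Sid B": migrated account in AD


@dataclass
class Account:
    sid: str
    sid_history: list = field(default_factory=list)


def build_token(account):
    """SIDs the authenticating domain puts in the logon token.

    The token is built from the account object that was actually used to
    log on: its own SID plus any sIDHistory stored on that object.
    Group SIDs are left out of this model.
    """
    return {account.sid, *account.sid_history}


def access_allowed(token_sids, dacl):
    """Simplified check: access is granted if any allow ACE names a token SID."""
    return any(ace_sid in token_sids for ace_sid in dacl)


nt4_user = Account(NT4_SID)                       # old account, no sIDHistory
ad_user = Account(AD_SID, sid_history=[NT4_SID])  # migrated with SIDHistory

nt4_resource_dacl = [NT4_SID]  # resource in the NT 4.0 domain, ACL names Sid A
ad_resource_dacl = [AD_SID]    # resource in AD, permissioned to the AD user only


def scenarios():
    """Evaluate both logon identities against both resources."""
    users = {"AD logon": ad_user, "NT4 logon": nt4_user}
    resources = {"NT4 resource": nt4_resource_dacl, "AD resource": ad_resource_dacl}
    return {
        (u, r): access_allowed(build_token(acct), dacl)
        for u, acct in users.items()
        for r, dacl in resources.items()
    }


if __name__ == "__main__":
    for (user, resource), ok in scenarios().items():
        print(f"{user:10} -> {resource:12}: {'granted' if ok else 'denied'}")
```

The one denied case is the NT 4.0 logon against the AD resource: the old account object carries no reference to Sid B, so nothing in its token matches the DACL.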

