That's what I suggested. We are doing a campus-wide AD project that is being run by Unix guys. They don't understand the technology. Plus, they don't trust Microsoft. They believe the account that is pushed from external LDAP is safer... but they don't want to make it difficult/impossible for users to use their legacy groups and resources... thus the life of Microsoft Admins on campus.
Thanks for the heads up.

Quoting "Grillenmeier, Guido" <[EMAIL PROTECTED]>:

> how about first _MOVING_ the accounts from the child domain to the root
> domain (can be done via ADMT or the movetree command) - then update
> these from your LDAP source afterwards.
>
> => user will keep GUID and UG/DLG memberships and will be dropped from
> GGs
> => user will keep same PW and other attributes (does not require PES)
> => user will get a new SID in and the old SID will be added to the
> SIDhistory of the user
> => local user profiles on Win2k/XP clients usually continue to work for
> the users (via GUID referrals), but not for NT4 (which only relies on
> SID to resolve profile path)
>
> /Guido
>
> ________________________________
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
> Sent: Monday, 14 June 2004 22:02
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] SID question
>
> Can a SID be "copied" from one account to another between domains in the
> same forest? The scenario is this: account is migrated using ADMT from
> NT4 domain into child domain in 2003 forest. An account with the same
> username is going to be copied into the root from an external LDAP
> source. One of the higher ups here wants to have the account in the root
> domain be what the user uses. So, he wants to know if the SID can be
> "copied" from the account in the child OU, and then have the child OU
> account deleted. I'm thinking no, but I wanted to make sure before
> telling him that.
>
> Thanks in advance.
>
> Chris Flesher
> The University of Chicago
> NSIT/DCS
> 1-773-834-8477
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
