Does the sid filtering apply to nt40 to w2k3 Native AD migration? john
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Tuesday, July 12, 2005 2:36 PM To: [email protected] Subject: RE: [ActiveDir] ADMT Group SID History yep, sound just like the source-domain's SIDs are being filtered when the resource is still in the source domain (external.dev). Realize, that you only need to disable SID filtering on the trust in the source domain - you should leave it enabled on the target domain. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris Sent: Dienstag, 12. Juli 2005 21:58 To: [email protected] Subject: RE: [ActiveDir] ADMT Group SID History Have your turned off SID filtering on the Trust? NETDOM trust DomainX /domain:DomainY /quarantine:No /usero:DomainX\AdministratorX /passwordo:* The * will cause a prompt for the password. Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 12 July 2005 19:53 To: [email protected] Subject: [ActiveDir] ADMT Group SID History All, I've been following the Sybex book, Mastering Windows 2003, to test an inter-forest migration from external.dev to development.dev using the ADMT. I have not received any errors during the migration and everything appears to be setup correctly, however, I do not think the SID History is functioning properly. I have a 200 domain named External.dev and a 2003 domain named development.dev. I have a group on External.dev called "Accounting" and a member of that group named "Pete". I have a member server in external.dev, N060MSADDEV4, with a share named "Accounting". The Everyone group has been removed from the ACL and the External\Accounting group has been given full control. I migrate Accounting from external.dev to development.dev with the box checked to migrate SID histories and I receive no errors. The new Accounting group in development.dev should have a SID matching the one on the Accounting group in external.dev and since that group has access to N060MSADDEV4\Accounting any new member of Develppment\Accounting should be able to access N060MSADDEV4\Accounting. I create a user named "Tom" in development.dev and place him in the new Accounting group and attempt to connect to the share and access is denied. If I then migrate N060MSADDEV4 to development.dev and Add the equivalent security references for the target object and leave the source references in tact I can then access the share with Tom, but according to the book I should not have to do that. Am I not doing something correctly in this test? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
