Hi All,

Is there a tool that would create a group and allow you to specify the SID for 
the group? The domain part of the SID would match the domain, so actually only 
the RID would need to be specified.

A short background: I was told about a case, where an NT domain was in-place 
upgraded to WS2003. During the upgrade, 75 % of the global groups disappeared. 
Unfortunately, this was noticed only a couple of weeks later, so it would be 
quite impossible to do the upgrade again from the roll-back BDC. Also, 
re-ACLing those groups with SubInACL in 50 servers would be quite laborious.

An interesting side-note: The missing groups don't show in ADUC, NT User 
Manager, or an NTDS dump in any of the DCs, so you obviously cannot add any new 
members in them. On the other hand, they still continue to work, so that the 
old members can access resources based on these missing groups. I wonder where 
they could be cached, and how to track them.

Yours, Sakari
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/