What would be your join criteria in this case? I mean, if you're not using sidHistory, what's to say that userA in domainA ForestA once moved to domainB ForestB is going to be called UserA? What if a UserA already exists in that target domain?
Anyhow, there needs to be an authoritative source and a way to join the source to the target in a way that prevents ambiguity. Normally, sidHistory would fulfill that requirement, but in two separate forests there's no guarantee that you'd use that. Or if you were bringing it from multiple domains it would have multiple source sids.
For that purpose, something like MIIS is a very useful tool because of the way it joins directories. If you were to home grow something, you'll have to figure out what the link is. If it's different than what 80% of the people out there need, it won't be an off-the-shelf tool that you're looking for, but more like the others have said: db, xls, script, or similar to do that work.
Does that help?
On 12/30/05, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
dont know any tool that is able to do this
how about scripting this?
j.
________________________________
From: [EMAIL PROTECTED] on behalf of Tom Kern
Sent: Fri 2005-12-30 22:50
To: activedirectory
Subject: [ActiveDir] directory validation
Is there some utility(free?) where you can validate objects from one AD forest against another?
like, if you've done a migration and you want to make sure the objects in the target forest are pretty much in sync with objects in the source(group memebership,etc)?
thanks
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
