RE: [ActiveDir] SID History.

[Ansar Mohammed]

Matt, Can you elaborate a bit; probably with an example? At what stage are you migrating groups? Is this intra-forest or inter-forest? Also, is the source domain NT4.0 or 200x. And are you using ADMT v 2 or 3?     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves Sent: September 21, 2006 4:59 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SID History.   Conceptual situation: User domain Resource domain (s) I bring all users into a single AD environment, bringing over SID History information. Now I start moving over file servers from the resource domain to the AD environment.  One of the file servers has groups ACL'd from the resource domain.  When the server goes to check for access rights, will it pull over *all* group memberships from the appropriate resource domain or simply pull over the single group membership and append that to the user's token? Mostly just looking at SID history impact between semi-active resource domains that are being decomissioned and current domains.  Microsoft's site mostly seems to point to groups that are pointing to SID history objects that are within the AD environment, not cross-domain SID history impact.