SID History is basically there to preserve access to objects for whcih access was granted before the migration. For example, I create an NT 4 share in an NT 4 domain and grant a specific group access to it. The ACL references the SID of the group and gets the name from that, not the other way around. Now I upgrade to AD, and that group gets a new SID, the SID history allows the previous ACL to relate to the new SID and recognize that as the same group. Now, if you are going to 86 all the group memberships, and you always set ACLs to groups like we were all told, then SID hsitory isn't going to do much for you.
It's really there for the transition phase where some machines and/or users have migrated and others haven't. Of course, its that transition phase which seems to be the ugliest thing about AD implementation. -Patrick R. Sweeney http://boston.craigslist.org/bos/res/8484283.html ----- Original Message ----- From: "Pham, Tuan" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]> Sent: Friday, February 21, 2003 1:41 PM Subject: SID history question > Hello, > > What are the differences of the new SID and SID History? for example: > > 1. If I use ADMT to migrate all users from NT to a new W2K/AD domain > that would preserve all permissions and group membership,etc... which I > don't really care, because all groups and permissions in W2K will be > different, all I need is the accounts. > > 2. or I can script all the users into AD with a brand new SID. > > My question is, let say I decided to use ADMT to migrate users from NT that > does preserve SID History, but later on more users are created, obviously > with the new SID. Would it cause any problem in the future as far as SID > identification? > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
