Hi Chris,
If you have a backup of that domain - restore.
If you don't have a backup, and it was the fist domain in the forest (forest
root) then create a new forest and migrate step by step every of the
existing domains into the new forest (ADMT or other migration tools from 3rd
party vendors
Hello Rens,
Migrate with ADMTv2, look into the guides MS published for
a migration from one forest into another. Since you are able to keep the SID in
the SIDHistory you are able to retain permissions, however I'd also look to
reAcl the Ressources to the new SIDs. This can be done with
Hello Stephen,
I don't think so. AFAIK the only variables which you are
able to use during logon are the ones which are system variables on the clients
plus the %username%. Variables defined in the context of the user are not
available at this time.
AFAIK2 - the variable username is filled
Hi Joe,
AFIAK the passwords of the computer accounts are not set to expire, but they are
automatically changed.
The password change is done from the netlogon service. The default time in NT was 15
days, changed to 30 days in W2k and later. The client might decide to change after the
half of
Ian is correct about the AD Plugin, it isn't flaw free, but if you are simply trying to provide Single Sign On access to file servers with a windows UID and password you have the alternative of using OS X's kerberos support which is quite good. AdmitMac is a comparatively expensive solution that