TechRepublic|Forums|Windows

Windows

General discussion

  • Creator
    Topic
  • February 7, 2001 at 1:02 am #2109441

    ADSI Edit – Delete an Objects Attribute!

    Locked

    by nik.stapley · about 21 years, 11 months ago

    Hi all

    I need to delete the attribute sIDHistory which has been applied to a group attribute within our AD.

    Whilst running ADSIEdit with FULL Permissions for the object, when I try and clear the sIDHistory attribute I receive the following error message:

    Access to the attribute is not permitted becuase the attribute is owned by the Security Accounts Manager (SAM).

    I’ve looked on Technet but to no avail.

    Can anyone help?

    Thanks

    Nik Stapley nik@nastek.co.uk

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • February 7, 2001 at 3:42 am #3843898

      ADSI Edit – Delete an Objects Attribute!

      by rkelly · about 21 years, 11 months ago

      In reply to ADSI Edit – Delete an Objects Attribute!

      Why do you want to remove sIDHistory? This attribute is funtamental to Active Directory and YOU cannot remove/edit this attribute. It is generated at object generation and ONLY updated when an object is moved between domains.

      If you remove this attribute then you may well find that any admin you have done will NOT be reflected when you move objects around your AD tree. Without sIDHistory moved objects are recreated and LOST – when you upgrade a domain from NT4 to Windows 2000 if you modify/delete this attribute then your old permissions may not work.

      The only way to change the sid history for an object is to delete the object and recreate it (i.e. create a new object).

  • Author
    Replies
Viewing 0 reply threads