Windows

General discussion

Gravatar
0 Votes
Locked

ADSI Edit - Delete an Objects Attribute!

By nik.stapley ·
Hi all

I need to delete the attribute sIDHistory which has been applied to a group attribute within our AD.

Whilst running ADSIEdit with FULL Permissions for the object, when I try and clear the sIDHistory attribute I receive the following error message:

Access to the attribute is not permitted becuase the attribute is owned by the Security Accounts Manager (SAM).

I've looked on Technet but to no avail.

Can anyone help?

Thanks

Nik Stapley nik@nastek.co.uk

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

ADSI Edit - Delete an Objects Attribute!

by rkelly In reply to ADSI Edit - Delete an Obj ...

Why do you want to remove sIDHistory? This attribute is funtamental to Active Directory and YOU cannot remove/edit this attribute. It is generated at object generation and ONLY updated when an object is moved between domains.

If you remove this attribute then you may well find that any admin you have done will NOT be reflected when you move objects around your AD tree. Without sIDHistory moved objects are recreated and LOST - when you upgrade a domain from NT4 to Windows 2000 if you modify/delete this attribute then your old permissions may not work.

The only way to change the sid history for an object is to delete the object and recreate it (i.e. create a new object).

Back to Windows Forum

Start or search

Related Discussions

Related Forums