Using ADMT to migrate user accounts, sid history don't work

By rgajjar ·
Got a problem hope someone can help.

Migrating user accounts from a source W2K3 AD domain to destination W2K3 AD domain.

I need to maintain the Sid history to allow access to data in source domain, i have followed the guidelines to setup ADMT, and have modifIed the registery on source pdc emulator to cater for sidhistory migration etc.

When running ADMT 3 the logs say the sid history has migrated succesfully but when using that migrated account its doesn't allow me access e.g. to the users old H home drive.

SID FILTERING is disabled.

Any ideas?

appeciate any help.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Trust Relationship

by cjt In reply to Using ADMT to migrate use ...

Do you have a trust relationship setup?

Collapse -

Steps done

by lawrence.tancl In reply to Trust Relationship


I also facing this issue. Trust rs is okay, nslookup is okay too... just that it doesn't work

Collapse -

Enabling the use of SID History

by thedacman In reply to Using ADMT to migrate use ...

I just resolved this issue at a customers site. An "undocumented" requirement when using ADMT in a Windows 2003 forest.

On PDC run:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name /EnableSIDHistory:yes

/EnableSIDHistory Valid only for an outbound, forest trust. Specifying "yes"
allows users migrated to the trusted forest from any other forest, to use SID history to access resources in this forest. This should be done only if the trusted forest administrators can be trusted enough to specify SIDs of this forest in the SID history attribute of their users appropriately. Specifying "no" would disable the ability of the migrated users in the trusted forest to use SID history to access resources in this forest. Specifying
/EnableSIDHistory without yes or no will display the current state.

Related Discussions

Related Forums