RE: [ActiveDir] SID question

[Passo, Larry]

Title: Message

Depending on your C++ skills, there is an API call:   http://msdn.microsoft.com/library/default.asp?url="">     From: Chris Flesher [mailto:[EMAIL PROTECTED] Sent: Monday, June 14, 2004 1:31 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SID question   I guess I should clarify a little better. The "planner" is looking to copy the SIDhistory info from the migrated account to a fresh, clean account in the root domain. So, it would be an NT4-2003 child domain migration, and then a copy of the SIDhistory info to the root domain account that is pushed over from an LDAP repository. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Clingaman Sent: Monday, June 14, 2004 3:22 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] SID question If you are talking about the user's domain account it is a guid, global unique id, the domain version of a sid. There can be only one of these in a domain. Copying it would give you two of the same at the same time: Forbidden.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher Sent: Monday, June 14, 2004 3:02 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] SID question Can a SID be "copied" from one account to another between domains in the same forest? The scenario is this: account is migrated using ADMT from NT4 domain into child domain in 2003 forest. An account with the same username is going to be copied into the root from an external LDAP source. One of the higher ups here wants to have the account in the root domain be what the user uses. So, he wants to know if the SID can be "copied" from the account in the child OU, and then have the child OU account deleted. I'm thinking no, but I wanted to make sure before telling him that.     Thanks in advance.   Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477