Copy SID of User from One domain to another

R

Randy R.

I have Users A in domain A and User B in domain B (in separate forest) -
same user just different accounts in different forest/domain.

I will be collapsing / geting rid of Domain A - how can I merge the SID of
User A into his User B account?

thanks.
 
G

Guido G

you'll need to leverage SIDhistory in Domain B - i.e. you're Domain B users
will have an additional SID of the Domain A users, after you've added Domain
A user's SID to the SIDhistory attribute of the respective Domain B user.
But don't forget, that the User's SID is often the least of your worries =>
it's the groups that typically grant most access for users so you'll want to
merge their SID to appropriate groups in the other forest as well and (just
as important) add the Domain B users to the appropriate groups that the
Domain A users belonged to.

This can be done via script (leveraging the ClonePrincipal API -
http://www.microsoft.com/resources/.../server/reskit/en-us/deploy/dgbf_upg_ojiy.asp)
or by using more powerful tools which do it UI based and much more
automated.

Microsoft's ADMTv3 (still beta) is quite powerful and it's worth to use the
beta instead of ADMTv2. Also have a look at third party tools such as Quest
Migration Manager.

/Guido
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

moving accounts retaining SID 5
Two domains and two users - merging user account to one 3
SID - Username Mapping - WIN 2000 Server 1
2 Forest in one network. Not able to connect domain 9
Multi forest and Citrix farm 1
File and folder permissions 2
Adding a user from another domain to the domain admin 5
Further question regarding transitive nature of forest trusts 2

Top