Question about GUIDs in Interforest migration

G

Guest

I have a scenario whereby I am trying to do an an interforest migration
between a Windows 2000 source domain and a Windows 2000 target domain, using
the ADMT. My understanding is that there is a limitation in ADMT when dealing
with Windows 2000 source domains in that the GUIDs are not preserved. What
would be the impact of missing GUIDs after the migration?

Source: Domain Migration Cookbook, Chapter 4: Restructuring Tools,
Disadvantages of Interforest Migration -
http://technet.microsoft.com/en-us/library/Bb727128.aspx

Thanks,

Ben
 
P

Paul Bergson [MVP-DS]

If I understand your question correctly, the destination domain has its own
guid and the source objects that are being migrated such as user objects
have sids. Through the use of the sidHistory attribute security provisions
from the old domain to the new domain are preserved. So behind the scenes
the object sids (Users, groups, etc...) are different but the permission to
access the objects (files, folders, printers, etc...) they previously had
should be maintained.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
J

Jorge de Almeida Pinto [MVP - DS]

Every GUID is different and there is no relation between GUIDs.

For SIDs however, that's a different thing. Each SID consists of a domain
part and a relative part. The domain part is the same for each security
principal in the domain and the relative part is uniwue within the domain.
during migration the target account will get a new SID and you have the
possibility to preserve the old sid by migrating it and storing it in the
sidhistory attribute. ADMT can do that for you. Remember sidhistory is a
temp solution, not a long term solution. Make sure to cleanuop afterwards

see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

2000 to 2003 migration 2
ADMTv2 -- Password Migration problem 1
Domain migration question 1
active directory migration problem 3
ADMT error "You must be a domain administrator in the target domain. SID migration will be disabled. 9
Win2K3 domain account connecting to Win2K VPN server in an NT4 dom 2
Asp.net Important Topics. 0
FWT Newsletter - Weekly - November 10, 2003 3

Top