sidhistory

[Graham Turner]

this may well turn out to be one of those questions that you wish u never
asked on account ot if being really silly but anyway here goes ..

have got through process of migration to a windows 2000 domain using ADMT
2.0

we have leveraged the sidhistory functionality to maintain connectivity to
"downlevel" source domain resources eg Exchange 5.5 mailboxes.

as we have completed the migration, the challenge now is the decommissioning
of the source domain

first step is the removal of the source domain accounts

as we do this obviously the object with the SID referenced by sidhistory
will no longer exist.

QU - does the sidhistory attribute actually require the object to exist in
the source domain ??

i can see how the resolution of the SID to a domain object may fail but is
it required just to support authentication to a downlevel resource (specfic
example being an Exchange 5.5. mailbox) that has the downlevel SID on its
ACL

GT

 

[Herb Martin]

QU - does the sidhistory attribute actually require the object to exist in

the source domain ??

i can see how the resolution of the SID to a domain object may fail but is
it required just to support authentication to a downlevel resource (specfic
example being an Exchange 5.5. mailbox) that has the downlevel SID on its
ACL

No -- and it isn't a silly question. NT-class security just doesn't work
that
way. Worst case (and since SID history is special probably not), you might
occasionally see "unknown user" (or similar) when using various display
tools.

 

[Graham Turner]

and i assume i am correct to say that the authentication mechanisms of
outlook 2000 / exchange 5.5 is ntlm using pass-thru authentication to an
account domain controller ? -

GT