Active Directory Migration, offline files and SubinACL

Anis Achek

Here's an interesting one!

We found out that offline files do not work out very well after AD
migration. The problem shows up when the user is offline. We figured
out that the SIDHistory thing does not work out very well when the user
is offline. Microsoft are not accurate about the issue. They recommend
translating security on the client computer for offline files to
continue to work:

http://technet2.microsoft.com/Windo...0f66-4c9b-a26f-2f707f7ded491033.mspx?mfr=true

But the issue is more complicated than that. In fact, we did that and
we even disabled and then re-enabled offline files for some users, and the
issue still occurs (sporadically but still often). Some files can't be
accessed until you manually synchronize them. And when you disable and
then re-enable offline files, they appear to be read-only when the
user is offline!

The solution we figured out is to translate security on the network
drives (we tested it, it works). As the ADMT security translation
cannot be limited to a subdirectory, we chose to use SubInACL. And
then we came upon the second amazing thing!

It seems that the /changedomain and /migratetodomain modes are not
compatible with SIDHistory! In fact, no translation is made for users
and groups that have been migrated with SIDHistory. But for a user that
has been migrated without SIDHistory, SubInACL works very well. I doubt
this behaviour is by design, and it's a severe limitation of the tool.

We can't see any workaround for this bug or any way to resolve it. Any
idea?
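
Added example, not part of the original post and not the poster's or Microsoft's code: a read-only PowerShell check that lists owner and DACL entries still carrying a SID from the source domain, which shows whether a security translation limited to one subdirectory actually rewrote the ACLs. The helper name `Get-SourceDomainAce`, the SIDs, the SDDL string and the share path are constructed placeholders.

```powershell
# Added example, not from the original post. Read-only: reports the owner and DACL
# entries whose SID still belongs to the source (pre-migration) domain.
function Get-SourceDomainAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Sddl,             # security descriptor in SDDL form
        [Parameter(Mandatory = $true)][string]$SourceDomainSid,  # S-1-5-21-x-y-z of the old domain, no RID
        [string]$Path = '(constructed sample)'
    )
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl

    # Compare the raw SID stored in the descriptor, not a resolved account name.
    # AccountDomainSid is $null for well-known SIDs such as BUILTIN\Administrators.
    if ($sd.Owner -and "$($sd.Owner.AccountDomainSid)" -eq $SourceDomainSid) {
        [pscustomobject]@{ Path = $Path; Where = 'Owner'; Sid = $sd.Owner.Value; Inherited = $false }
    }
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        if ($sid -and "$($sid.AccountDomainSid)" -eq $SourceDomainSid) {
            [pscustomobject]@{
                Path      = $Path
                Where     = "DACL $($ace.AceType)"
                Sid       = $sid.Value
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed values: an old-domain SID, and a descriptor holding one old-domain ACE,
# one new-domain ACE and BUILTIN\Administrators.
$old  = 'S-1-5-21-1111111111-2222222222-3333333333'
$sddl = 'O:BAG:BAD:(A;OICI;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)' +
        '(A;OICI;FA;;;S-1-5-21-1000000001-1000000002-1000000003-2210)(A;OICI;FA;;;BA)'
Get-SourceDomainAce -Sddl $sddl -SourceDomainSid $old

# On a real tree (placeholder path), feed each item's SDDL to the same function:
# Get-ChildItem -LiteralPath '\\server\share\subdir' -Recurse -Force | ForEach-Object {
#     Get-SourceDomainAce -Sddl (Get-Acl -LiteralPath $_.FullName).Sddl `
#         -SourceDomainSid $old -Path $_.FullName
# }
```

Running it before and after a translation pass on the same subdirectory gives a direct comparison of which entries were rewritten.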
 