J
James
I am drawing a blank on the usage of SIDHistory in this
scenario. Let me lay it out.
We are doing an AD migration from NT4 domain(Legacy) to a
new AD domain(AD_NEW). We are migrating users to AD_NEW,
but we are not moving accounts with SIDHistory. Due to
coporate security, we have to copy accounts and not delete
or disable the accounts in the legacy domain. So each
user has an active AD account and a Legacy domain account.
Here is the problem I can't think through for some
reason....
A server sits in the legacy domain. There is a two-way
truse between the two domains, and there is a file share
on the legacy server that is set up with Legacy NT Group
security. If a user from the AD_NEW doain tries to access
the share, will the server ever try to check the legacy
domain based on the old SID to authenticate? THere is no
password synch going on, so the legacy accounts will
eventually have expired passwords. Let me know what you
guys think. Thanks.
James
scenario. Let me lay it out.
We are doing an AD migration from NT4 domain(Legacy) to a
new AD domain(AD_NEW). We are migrating users to AD_NEW,
but we are not moving accounts with SIDHistory. Due to
coporate security, we have to copy accounts and not delete
or disable the accounts in the legacy domain. So each
user has an active AD account and a Legacy domain account.
Here is the problem I can't think through for some
reason....
A server sits in the legacy domain. There is a two-way
truse between the two domains, and there is a file share
on the legacy server that is set up with Legacy NT Group
security. If a user from the AD_NEW doain tries to access
the share, will the server ever try to check the legacy
domain based on the old SID to authenticate? THere is no
password synch going on, so the legacy accounts will
eventually have expired passwords. Let me know what you
guys think. Thanks.
James