How to remove sid history

[Norman]

Hi,
I am the "Domain Admin" of a child domain running W2K. I have some migrated
users that have SID History attributes. When I try to use ADSI to remove
their sidHistory attribute , I got the error message saying that I am not
the "owner of the sam account manager ".
What does that means ? Is there any other way to remove this attribute ?

Norman

 

[Tomasz Onyszko [MVP]]

Hi,
I am the "Domain Admin" of a child domain running W2K. I have some migrated
users that have SID History attributes. When I try to use ADSI to remove
their sidHistory attribute , I got the error message saying that I am not
the "owner of the sam account manager ".

You can use vbscript attached with this tool:
http://www.tbiro.com/projects/SHEdit/index.htm

 

[Norman]

Tom, I am very nervous to run a authoritative restore just to remove an
attribute for users ( which is described in that tools ), is there any other
tools that do not require an Authoritative Restore ? Thanks.

Norman

 

[Tomasz Onyszko [MVP]]

Tom, I am very nervous to run a authoritative restore just to remove an
attribute for users ( which is described in that tools ), is there any other
tools that do not require an Authoritative Restore ? Thanks.

I was only telling You to use ClearSIDHistory.vbs - this not requires
reboot. Similiar script can be found on polish technet site (I know that
You can't understand polish so simply go and take a look at last script
on this page):

http://www.microsoft.com/poland/technet/article/art014.mspx

 

[Ryan Hanisco]

Norman,

The VBS script does a great job of this but you'll need to be VERY careful.
If your workstation migration didn't go perfectly, then when you pull the
SIDHistory, the profiles will dissociate and your users will create new
local profiles from the defaults.

I would suggest doing this manually for several users and systematically
test all of your applications. If this looks to be ok, then do a
domain-wide wipe of your SIDHistory using the VBS script.