Question about GUIDs in Interforest migration

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a scenario whereby I am trying to do an an interforest migration
between a Windows 2000 source domain and a Windows 2000 target domain, using
the ADMT. My understanding is that there is a limitation in ADMT when dealing
with Windows 2000 source domains in that the GUIDs are not preserved. What
would be the impact of missing GUIDs after the migration?

Source: Domain Migration Cookbook, Chapter 4: Restructuring Tools,
Disadvantages of Interforest Migration -
http://technet.microsoft.com/en-us/library/Bb727128.aspx

Thanks,

Ben
 
If I understand your question correctly, the destination domain has its own
guid and the source objects that are being migrated such as user objects
have sids. Through the use of the sidHistory attribute security provisions
from the old domain to the new domain are preserved. So behind the scenes
the object sids (Users, groups, etc...) are different but the permission to
access the objects (files, folders, printers, etc...) they previously had
should be maintained.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Every GUID is different and there is no relation between GUIDs.

For SIDs however, that's a different thing. Each SID consists of a domain
part and a relative part. The domain part is the same for each security
principal in the domain and the relative part is uniwue within the domain.
during migration the target account will get a new SID and you have the
possibility to preserve the old sid by migrating it and storing it in the
sidhistory attribute. ADMT can do that for you. Remember sidhistory is a
temp solution, not a long term solution. Make sure to cleanuop afterwards

see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/12/27/Migrating-stuff-with-ADMTv3.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
Back
Top