Rebecca Chen [MSFT]
2004-09-03 09:00:58 UTC
Hello,
When you view the sIDHistory attribute in Active Directory using an LDAP
tool such as LDP.exe, the attribute will look something like the following:
1> sIDHistory: S-1-5-21-1619521004-1441481110-1935294565-1315;
If you see an attribute on the user account that looks like the preceding
example, then the SID History is present. If the attribute is missing or is
marked as "Not set" (if you are viewing it using ADSI Edit, for example),
the SID History was not migrated for that specific account.
I believe that the below article can answer your question.
What Exchange Administrators Need to Know About the Active Directory
Migration Tool:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/admt.mspx
The command Getsid.exe is used to compares the user security identifiers of
two accounts. Windows 2k3 supports Getsid.exe, and you can use this command
to see the user account SID. The useage is : getsid \\mydc accont1 \\mydc
accout2
You will see the SID of accont1 and account2.
For more details, Please refer to the following article:
Getsid.exe: Get Security ID
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techre
f/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techre
f/en-us/getsid.asp
Getsid.exe can be download from the following link:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/getsid-o
.asp
If you have any questions, please feel free to let me know.
Have a nice day!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
When you view the sIDHistory attribute in Active Directory using an LDAP
tool such as LDP.exe, the attribute will look something like the following:
1> sIDHistory: S-1-5-21-1619521004-1441481110-1935294565-1315;
If you see an attribute on the user account that looks like the preceding
example, then the SID History is present. If the attribute is missing or is
marked as "Not set" (if you are viewing it using ADSI Edit, for example),
the SID History was not migrated for that specific account.
I believe that the below article can answer your question.
What Exchange Administrators Need to Know About the Active Directory
Migration Tool:
http://www.microsoft.com/technet/prodtechnol/exchange/2003/admt.mspx
The command Getsid.exe is used to compares the user security identifiers of
two accounts. Windows 2k3 supports Getsid.exe, and you can use this command
to see the user account SID. The useage is : getsid \\mydc accont1 \\mydc
accout2
You will see the SID of accont1 and account2.
For more details, Please refer to the following article:
Getsid.exe: Get Security ID
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techre
f/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techre
f/en-us/getsid.asp
Getsid.exe can be download from the following link:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/getsid-o
.asp
If you have any questions, please feel free to let me know.
Have a nice day!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.