Announcement

Collapse
No announcement yet.

ADMT Enable SIS history

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ADMT Enable SIS history

    Guys, i have a situation here.
    I am consolidating two Windows 2003 forests, but can't get SIDHISTORY to work.
    Both forests are Windows Server 2003.
    i ran the command NETDOM TRUST Trusteddomain /domain:Trustingdomain /EnableSidHistory:Yes /UserO:%Administrative-account% /PasswordO:%Password%

    and verified that SIDHISTORY is enabled.

    Trusteddomain /domain:Trustingdomain /EnableSidHistory /UserO:%Administrative-account% /PasswordO:%Password%

    SID history is enabled for this trust.

    But still cant get the SIDHISTORY to work. Both Domains/Forests are 2003 Native.
    Password Export service is running as expected.
    Ones the test user is migrated he looses access to resources in the source domain.

    Log says:
    SID For %User% added to the SID History of %User%
    WRN1:7857 Could not copy following Properties for %User%
    ........
    WRN1:7874 Disabled the "Password Never Expires" Account Option for account %USER% (is prety obvious).
    [Powershell]
    Start-DayDream
    Set-Location Malibu Beach
    Get-Drink
    Lay-Back
    Start-Sleep
    ....
    Wake-Up!
    Resume-Service
    Write-Warning
    [/Powershell]

    BLOG: Therealshrimp.blogspot.com

  • #2
    Re: ADMT Enable SIS history

    Is it a forest or external trust ?
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Re: ADMT Enable SIS history

      Forest trust
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: ADMT Enable SIS history

        I have checked the migrated object with ADSIEDIT and saw that the SIDHistory for the migrated user object is set.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        Comment


        • #5
          Re: ADMT Enable SIS history

          I have also checked if SID filtering is enabled, which is not the case.
          SIDHistory Enabled
          SIDFiltering Disabled
          [Powershell]
          Start-DayDream
          Set-Location Malibu Beach
          Get-Drink
          Lay-Back
          Start-Sleep
          ....
          Wake-Up!
          Resume-Service
          Write-Warning
          [/Powershell]

          BLOG: Therealshrimp.blogspot.com

          Comment


          • #6
            Re: ADMT Enable SIS history

            Oké, shares are accessable now. Still have problems with the roaming profile and the Home Folder. But i do not think it is caused by permissions. It seems like Windows can't find them.
            [Powershell]
            Start-DayDream
            Set-Location Malibu Beach
            Get-Drink
            Lay-Back
            Start-Sleep
            ....
            Wake-Up!
            Resume-Service
            Write-Warning
            [/Powershell]

            BLOG: Therealshrimp.blogspot.com

            Comment

            Working...
            X