I am migrating from an NT 4.0 domain to Win2k, and I am concerned about the SID for the Exchange 5.5 service account. The Exchange Server is the BDC and is not being migrated or upgraded. How can I protect this info when moving from old domain to new?
This is a tough question, but not an uncommon one. There are two methods you can use:
If you upgrade domains, the SIDs of security principals do not change. If you can get away with upgrading the BDC (backup domain controller), this would be your best bet.
If you must restructure domains in a way that requires you to migrate security principals between domains, then the SID will change. However, the old SID will be maintained in an attribute on security principals in Active Directory known as "sIDHistory." These SIDs in sIDHistory are added to user access tokens and thus resource access is maintained.
If the sIDHistory attribute cannot be used, then tools such as the Active Directory Migration Tool (ADMT) and third-party tools can replace the old SIDs on resources with the new ones.
Hope this helps.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.