Ask the Expert

Migrating from NT4 to Win2k domain and concerned about SID for Exchange 5.5 service account

I am migrating from an NT 4.0 domain to Win2k, and I am concerned about the SID for the Exchange 5.5 service account. The Exchange Server is the BDC and is not being migrated or upgraded. How can I protect this info when moving from old domain to new?

    Requires Free Membership to View

This is a tough question, but not an uncommon one. There are two methods you can use:

If you upgrade domains, the SIDs of security principals do not change. If you can get away with upgrading the BDC (backup domain controller), this would be your best bet.

If you must restructure domains in a way that requires you to migrate security principals between domains, then the SID will change. However, the old SID will be maintained in an attribute on security principals in Active Directory known as "sIDHistory." These SIDs in sIDHistory are added to user access tokens and thus resource access is maintained.

If the sIDHistory attribute cannot be used, then tools such as the Active Directory Migration Tool (ADMT) and third-party tools can replace the old SIDs on resources with the new ones.

See for more information.

Hope this helps.

This was first published in January 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: