Q

Migrating from NT4 to Win2k domain and concerned about SID for Exchange 5.5 service account

I am migrating from an NT 4.0 domain to Win2k, and I am concerned about the SID for the Exchange 5.5 service account.

The Exchange Server is the BDC and is not being migrated or upgraded. How can I protect this info when moving from old domain to new?

This is a tough question, but not an uncommon one. There are two methods you can use:

If you upgrade domains, the SIDs of security principals do not change. If you can get away with upgrading the BDC (backup domain controller), this would be your best bet.

If you must restructure domains in a way that requires you to migrate security principals between domains, then the SID will change. However, the old SID will be maintained in an attribute on security principals in Active Directory known as "sIDHistory." These SIDs in sIDHistory are added to user access tokens and thus resource access is maintained.

If the sIDHistory attribute cannot be used, then tools such as the Active Directory Migration Tool (ADMT) and third-party tools can replace the old SIDs on resources with the new ones.

See http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/plan/migntw2k.asp for more information.

Hope this helps.


This was first published in January 2002

Dig deeper on Exchange Server Deployment and Migration Advice

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close