Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



SID History Clean Up

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 02-05-2008
Viswanath
 
Posts: n/a
SID History Clean Up

1.Does ADMT v3.0 perform SID History cleanup after the migration is completed?
2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server, Cluster
Servers
3.Can migration tasks be delegated? If so are there any best practises on
this kind of deployment?
4. Can ADMT agents be dispatched using login script or can they be sent on a
media to remote users. I am looking for a solution to address disconnected
users and mobile users.

Reply With Quote
  #2  
Old 05-05-2008
Morgan che
 
Posts: n/a
RE: SID History Clean Up

Hi,

Thanks for using this newsgroup.

<1.Does ADMT v3.0 perform SID History cleanup after the migration is
completed?>

[Morgan]:

By default, SIDHistory, password, and objectGUID are all preserved during
intra-forest migrations. For inter-forest migration, SIDHistory will be
preserved if choosing 'Enable SIDHistory' in ADMT migration Wizard.
SIDHistory attribute ensures the migrated users to access the original
resource without re-assigning the corresponding permissions.

The migrated objects are assigned a new SID by the target domain. The
original SID is added to the SIDHistory attribute of the migrated object in
the new domain. After this occurs, the sIDHistory attribute may not be
modified or deleted by using the standard Active Directory administration
tools. This is not permitted because the sIDHistory attribute is owned by
the SAM. It is possible to clear the sIDHistory by using a script or a
non-public Microsoft internal tool.

For more information about how to use Visual Basic Script to clear
SidHistory, please refer to

How To Use Visual Basic Script to Clear SidHistory
http://support.microsoft.com/kb/295758/en-us

<2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server, Cluster
Servers?>

[Morgan]:

Please understand ADMT can help us migrate User accounts, groups, computer
accounts and security permissions, like NTFS permission, printer permission
and so on. For the migration of COM+, DCOM, IIS, SharePoint, SQL Server,
Cluster Servers, it's not included in supported scenarios. More
information, please refer to

ADMT v3 Migration Guide
http://www.microsoft.com/downloads/d...770-3BBB-4B9E-
A8BC-01E9F7EF7342&displaylang=en

<3.Can migration tasks be delegated? If so are there any best practices on
this kind of deployment?>

[Morgan]:

Yes, the migration tasks can be delegated. Please refer to the following
article to delegate the necessary permission:

Establishing Migration Accounts
http://technet2.microsoft.com/window...a-c150-4cbe-b7
d4-7bbecb8960d71033.mspx?mfr=true

<4. Can ADMT agents be dispatched using login script or can they be sent on
a media to remote users. >

Based on my research, we can use the following method to migrate computer.

1.we can use a script to join workstations to the new domain, then use ADMT
(Active Directory Migration Tool) to migrate users to new domain.

For how to create a script to join a computer to a domain, please refer to
the following articles:

How to join a domain from the command line
http://support.microsoft.com/kb/150493/en-us

Join a computer to a domain by VBscript
http://cwashington.netreach.net/depo...tType=vbscript

Please note:

This article assumes that you are familiar with the programming language
being demonstrated. Due to the fact this is a Development related request
in nature, if you need a specific script under the particular scenario,
you'd best be addressed in the following Developer newsgroups:
http://msdn.microsoft.com/newsgroups/default.asp

2. Alternatively, to directly migrate computer account by using a logon
script on the target workstation, you can refer to the following article to
write this script:

Migrating Windows NT Workstations to a New Domain
http://www.microsoft.com/technet/arc.../migrwork.mspx
?mfr=true

Briefly, to achieve to migrate Workstations to a new Domain, three logon
scripts will be requested. The first one is to create a user account with
the proper permissions to do migration. The second one is to perform
migration task. The last is to restore the changed local groups and
registry.

I hope this helps. If you need further assistance, please feel free to post
back.

Have a good day!



Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->Thread-Topic: SID History Clean Up
--->thread-index: AcisTmxhCGu6wLaqTNWZ9ZFXAXER6A==
--->X-WBNR-Posting-Host: 207.46.19.168
--->From: =?Utf-8?B?Vmlzd2FuYXRo?= <Viswanath@discussions.microsoft.com>
--->Subject: SID History Clean Up
--->Date: Fri, 2 May 2008 05:17:00 -0700
--->Lines: 8
--->Message-ID: <9C7BDA4B-A218-4C8D-A113-829F4587CE9F@microsoft.com>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> charset="Utf-8"
--->Content-Transfer-Encoding: 7bit
--->X-Newsreader: Microsoft CDO for Windows 2000
--->Content-Class: urn:content-classes:message
--->Importance: normal
--->Priority: normal
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
--->Newsgroups: microsoft.public.windows.server.migration
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3531
--->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->1.Does ADMT v3.0 perform SID History cleanup after the migration is
completed?
--->2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server,
Cluster
--->Servers
--->3.Can migration tasks be delegated? If so are there any best practises
on
--->this kind of deployment?
--->4. Can ADMT agents be dispatched using login script or can they be sent
on a
--->media to remote users. I am looking for a solution to address
disconnected
--->users and mobile users.
--->

Reply With Quote
  #3  
Old 05-05-2008
Venkat
 
Posts: n/a
Re: SID History Clean Up

Thank You Morgan for your response.

Two things on the computer migration:
1. So if i understand correctly, we need to perform these steps in the
following order:
a) user migration
b)join the users comp to the new domain (may be using netdom util)
c)run Admt security translation
2.How do we handle computers which are either over VPN or which remote
computers that do not login to the domain?

On delegated migrations:
1.So, we can have a scenario where all users are migrated from a central
office (HO) and the resource migration is delegated to branch admins. In
this kind of delegation, should all branch admin ADMT consoles be configured
to use the same SQL server which is configured to be used by the HO ADMT
Console? How does this work?




"Morgan che(MSFT)" <v-morche@online.microsoft.com> wrote in message
news:%23sL001orIHA.1788@TK2MSFTNGHUB02.phx.gbl...
> Hi,
>
> Thanks for using this newsgroup.
>
> <1.Does ADMT v3.0 perform SID History cleanup after the migration is
> completed?>
>
> [Morgan]:
>
> By default, SIDHistory, password, and objectGUID are all preserved during
> intra-forest migrations. For inter-forest migration, SIDHistory will be
> preserved if choosing 'Enable SIDHistory' in ADMT migration Wizard.
> SIDHistory attribute ensures the migrated users to access the original
> resource without re-assigning the corresponding permissions.
>
> The migrated objects are assigned a new SID by the target domain. The
> original SID is added to the SIDHistory attribute of the migrated object
> in
> the new domain. After this occurs, the sIDHistory attribute may not be
> modified or deleted by using the standard Active Directory administration
> tools. This is not permitted because the sIDHistory attribute is owned by
> the SAM. It is possible to clear the sIDHistory by using a script or a
> non-public Microsoft internal tool.
>
> For more information about how to use Visual Basic Script to clear
> SidHistory, please refer to
>
> How To Use Visual Basic Script to Clear SidHistory
> http://support.microsoft.com/kb/295758/en-us
>
> <2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server, Cluster
> Servers?>
>
> [Morgan]:
>
> Please understand ADMT can help us migrate User accounts, groups, computer
> accounts and security permissions, like NTFS permission, printer
> permission
> and so on. For the migration of COM+, DCOM, IIS, SharePoint, SQL Server,
> Cluster Servers, it's not included in supported scenarios. More
> information, please refer to
>
> ADMT v3 Migration Guide
> http://www.microsoft.com/downloads/d...770-3BBB-4B9E-
> A8BC-01E9F7EF7342&displaylang=en
>
> <3.Can migration tasks be delegated? If so are there any best practices on
> this kind of deployment?>
>
> [Morgan]:
>
> Yes, the migration tasks can be delegated. Please refer to the following
> article to delegate the necessary permission:
>
> Establishing Migration Accounts
> http://technet2.microsoft.com/window...a-c150-4cbe-b7
> d4-7bbecb8960d71033.mspx?mfr=true
>
> <4. Can ADMT agents be dispatched using login script or can they be sent
> on
> a media to remote users. >
>
> Based on my research, we can use the following method to migrate computer.
>
> 1.we can use a script to join workstations to the new domain, then use
> ADMT
> (Active Directory Migration Tool) to migrate users to new domain.
>
> For how to create a script to join a computer to a domain, please refer to
> the following articles:
>
> How to join a domain from the command line
> http://support.microsoft.com/kb/150493/en-us
>
> Join a computer to a domain by VBscript
> http://cwashington.netreach.net/depo...tType=vbscript
>
> Please note:
>
> This article assumes that you are familiar with the programming language
> being demonstrated. Due to the fact this is a Development related request
> in nature, if you need a specific script under the particular scenario,
> you'd best be addressed in the following Developer newsgroups:
> http://msdn.microsoft.com/newsgroups/default.asp
>
> 2. Alternatively, to directly migrate computer account by using a logon
> script on the target workstation, you can refer to the following article
> to
> write this script:
>
> Migrating Windows NT Workstations to a New Domain
> http://www.microsoft.com/technet/arc.../migrwork.mspx
> ?mfr=true
>
> Briefly, to achieve to migrate Workstations to a new Domain, three logon
> scripts will be requested. The first one is to create a user account with
> the proper permissions to do migration. The second one is to perform
> migration task. The last is to restore the changed local groups and
> registry.
>
> I hope this helps. If you need further assistance, please feel free to
> post
> back.
>
> Have a good day!
>
>
>
> Sincerely
> Morgan Che
> Microsoft Online Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> --------------------
> --->Thread-Topic: SID History Clean Up
> --->thread-index: AcisTmxhCGu6wLaqTNWZ9ZFXAXER6A==
> --->X-WBNR-Posting-Host: 207.46.19.168
> --->From: =?Utf-8?B?Vmlzd2FuYXRo?= <Viswanath@discussions.microsoft.com>
> --->Subject: SID History Clean Up
> --->Date: Fri, 2 May 2008 05:17:00 -0700
> --->Lines: 8
> --->Message-ID: <9C7BDA4B-A218-4C8D-A113-829F4587CE9F@microsoft.com>
> --->MIME-Version: 1.0
> --->Content-Type: text/plain;
> ---> charset="Utf-8"
> --->Content-Transfer-Encoding: 7bit
> --->X-Newsreader: Microsoft CDO for Windows 2000
> --->Content-Class: urn:content-classes:message
> --->Importance: normal
> --->Priority: normal
> --->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
> --->Newsgroups: microsoft.public.windows.server.migration
> --->Path: TK2MSFTNGHUB02.phx.gbl
> --->Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.server.migration:3531
> --->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
> --->X-Tomcat-NG: microsoft.public.windows.server.migration
> --->
> --->1.Does ADMT v3.0 perform SID History cleanup after the migration is
> completed?
> --->2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server,
> Cluster
> --->Servers
> --->3.Can migration tasks be delegated? If so are there any best practises
> on
> --->this kind of deployment?
> --->4. Can ADMT agents be dispatched using login script or can they be
> sent
> on a
> --->media to remote users. I am looking for a solution to address
> disconnected
> --->users and mobile users.
> --->
>



Reply With Quote
  #4  
Old 12-05-2008
Morgan che
 
Posts: n/a
RE: SID History Clean Up


Hi,

How are you?

I am writing to see if you have any update about this post. If you
encounter any break/fix issue, please feel free to let me know.

Have a good day!
Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->Thread-Topic: SID History Clean Up
--->thread-index: AcisTmxhCGu6wLaqTNWZ9ZFXAXER6A==
--->X-WBNR-Posting-Host: 207.46.19.168
--->From: =?Utf-8?B?Vmlzd2FuYXRo?= <Viswanath@discussions.microsoft.com>
--->Subject: SID History Clean Up
--->Date: Fri, 2 May 2008 05:17:00 -0700
--->Lines: 8
--->Message-ID: <9C7BDA4B-A218-4C8D-A113-829F4587CE9F@microsoft.com>
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> charset="Utf-8"
--->Content-Transfer-Encoding: 7bit
--->X-Newsreader: Microsoft CDO for Windows 2000
--->Content-Class: urn:content-classes:message
--->Importance: normal
--->Priority: normal
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
--->Newsgroups: microsoft.public.windows.server.migration
--->Path: TK2MSFTNGHUB02.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:3531
--->NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->1.Does ADMT v3.0 perform SID History cleanup after the migration is
completed?
--->2.Can ADMT v3.0 process COM+, DCOM, IIS, SharePoint, SQL Server,
Cluster
--->Servers
--->3.Can migration tasks be delegated? If so are there any best practises
on
--->this kind of deployment?
--->4. Can ADMT agents be dispatched using login script or can they be sent
on a
--->media to remote users. I am looking for a solution to address
disconnected
--->users and mobile users.
--->

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "SID History Clean Up"
Thread Thread Starter Forum Replies Last Post
Best way to keep a MAC PC clean Renau Operating Systems 4 04-03-2010 09:17 AM
Does someone can see my web history Bindusar Technology & Internet 5 22-12-2009 05:38 AM
What is the best way to clean a CD Zebaril Hardware Peripherals 3 01-08-2009 09:01 PM
How to clean CD's and DVD's teena19 Hardware Peripherals 3 28-07-2009 01:55 PM
How to clean a ps3 Winifred Video Games 2 27-05-2009 07:23 PM


All times are GMT +5.5. The time now is 11:07 PM.