M
Melankani
Guest
Hello Community,
i have the following problem. We migrated users and computers from aaa.nil to bbb.nil a few month ago.
We migrated the sid via admt from aaa.nil to the users bbb.nil ad object. It is stored in the SIDHistory attribute.
Now we want to get rid of the SIDHistory attribut and want to clear it. Now we have one problem.
It is very likely that some users still use an "old profile" where only the aaa.nil-SID is stored in the ACL of the users profile.
Once i delete the SIDHistory for such a user his profile will get inaccessable. How can i be prepared for this case. I somehow need to check the SIDs of every users profile. As long as the SIDHistory attribute is filled with the old SID i do not get a S-1-5-21-xxxolddomainxxx but only get the resolved username.
This screenshot shows a user profile which is inaccessable for a migrated user who just got his SIDHistroy-attribute cleared.
More...
i have the following problem. We migrated users and computers from aaa.nil to bbb.nil a few month ago.
We migrated the sid via admt from aaa.nil to the users bbb.nil ad object. It is stored in the SIDHistory attribute.
Now we want to get rid of the SIDHistory attribut and want to clear it. Now we have one problem.
It is very likely that some users still use an "old profile" where only the aaa.nil-SID is stored in the ACL of the users profile.
Once i delete the SIDHistory for such a user his profile will get inaccessable. How can i be prepared for this case. I somehow need to check the SIDs of every users profile. As long as the SIDHistory attribute is filled with the old SID i do not get a S-1-5-21-xxxolddomainxxx but only get the resolved username.
This screenshot shows a user profile which is inaccessable for a migrated user who just got his SIDHistroy-attribute cleared.
More...