Online Manual: "MigrateMagic"
Go to: MigrateMagic homepage
SIDhistory cleanup Overview
Several migration tools support the migration of the SIDhistory attribute
to Windows 2000 Active Directory user accounts. In fact, the SID from
an Windows NT4 user account is stored in the SIDhistory of a Windows 2000
user account, while the primary SID is created. Effectively, a Windows
2000 user has two SID's.
A SID stores security information for a user or group account. This
information tells the system whether a user has sufficient rights to access
files, manupilate user accounts, print documents etc.
In the scenario that several files and printers are still on a Windows
NT4 server, the new Windows 2000 has to be able to access those resources.
That's where the SIDhistory attribute comes in, enabling a Windows 2000
user to access Windows NT4 resources.
When the migration project is completed, all resources should be on
Windows 2000 servers, thus making the SIDhistory attribute obsolete. Leaving
the SIDhistory attribute on Windows 2000 users with no particular use
may decrease performance and security.
This wizard allows you to remove the SIDhistory attributes on Windows
2000 user accounts. You have the option of removing all SIDhistory entries
from a user, or remove selected entries. For instance, if you have recently
moved the Windows 2000 users to another domain, they get another SIDhistory
entry. In that case, you only want to delete the SIDhistory entry that
corresponds to the old Windows NT4 user account.
| 
