Currently, I have two forests, domain A and domain B, with an external, two-way, non-transitive trust. Users in Domain A also have an account in Domain B (not all users in Domain B have an account in Domain A); some samaccounts are the same in both domains, some different. Users in Domain A have Exchange mailboxes in both domains. Is it possible to merge (or transfer?) SIDs using ADMT or another method while maintaining the two separate accounts and the integrity of both accounts to allow access to resources across domains?

xyz1234
  • Why would you want to merge the SID and screw up the forest? – Jim B Apr 15 '15 at 04:34
  • Can you elaborate? Would adding the SID of the user's Domain B account to the SIDHistory attribute of the Domain A account screw up the forest? – xyz1234 Apr 15 '15 at 12:45
  • You are giving 2 separate security principals equivalency. There is no reason to do that when you have a trust – Jim B Apr 15 '15 at 15:14

1 Answer

SIDHistory was designed for migrations, not to enable equivalency. Since you have a trust, there is no reason to circumvent the normal authentication process.

Jim B