Manage Learn to apply best practices and optimize your operations.

Migrating from NT4 to Win2k domain and concerned about SID for Exchange 5.5 service account

I am migrating from an NT 4.0 domain to Win2k, and I am concerned about the SID for the Exchange 5.5 service account. The Exchange Server is the BDC and is not being migrated or upgraded. How can I protect this info when moving from old domain to new?

This is a tough question, but not an uncommon one. There are two methods you can use:

If you upgrade domains, the SIDs of security principals do not change. If you can get away with upgrading the BDC (backup domain controller), this would be your best bet.

If you must restructure domains in a way that requires you to migrate security principals between domains, then the SID will change. However, the old SID will be maintained in an attribute on security principals in Active Directory known as "sIDHistory." These SIDs in sIDHistory are added to user access tokens and thus resource access is maintained.

If the sIDHistory attribute cannot be used, then tools such as the Active Directory Migration Tool (ADMT) and third-party tools can replace the old SIDs on resources with the new ones.

See http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/plan/migntw2k.asp for more information.

Hope this helps.

Dig Deeper on Exchange Server setup and troubleshooting

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.