Sidhistory of Migrated Domain Local group

G-ONE 166 Reputation points
2021-01-31T11:10:56.797+00:00

Hello Tech Guys,

Let's consider if Domain Local group of Source Domain is migrated to Domain Local group of Target Domain with Sidhistory. It means Target Domain Local group sidhistory attribute having value: <Sid of Source Domain Local group>.

Target Domain user is member of Target Domain local group. Target Domain user login to Target Domain joined workstation.

So my question is:

What Sids will be showing in target user's access token?

Sid of target domain local group + Sidhistory both

OR

Only Sid of target domain local group

Please answer specific to question with Microsoft support article that validates the answer.

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,391 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,208 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,942 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
516 questions
Windows Server Migration
Windows Server Migration
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Migration: The process of making existing applications and data work on a different computer or operating system.
410 questions
Accepted answer
  1. Thameur-BOURBITA 32,586 Reputation points
    2021-01-31T12:22:20.94+00:00

    Hi,

    What Sids will be showing in target user's access token?

    The answer is Sid of target domain local group + Sidhistory both
    A Windows security token can hold a maximum of 1,023 sIDs, including sIDHistory and group sIDs.
    You can refer to the following article for more details:

    Using SID History to Preserve Resource Access
    inter-forest-sidhistory-migration-with-admt

    ----------

    Please don't forget to mark helpful reply as answer

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest