Moving User Accounts Between Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When you install and provision a root cluster in an organization, it is registered in the Active Directory forest as a service connection point. There can be only one root cluster for every Active Directory forest.

In general, when you move a user account from one domain to another domain that is in the same forest, a new SID is created for the user account that is in the new domain. Then, when a user attempts to acquire a new rights account certificate from the server, the user appears to be a new user to the server because of the new SID. The server generates new keys for the user and issues the new rights account certificate by using the original e-mail address of the user. When the user attempts to use the new rights account certificate with an existing license, the SID and keys will not match and it will be necessary for the user to acquire a new license. This is also true for moving a user account to a domain that is in a different forest.