Translate Security by Using a SID Mapping File

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Applies to: Active Directory Migration Tool 3.2 (ADMT 3.2)

If you have to translate security so that permissions that are granted to the source account or group are now granted to the target account or group, use a security identifier (SID) mapping file to associate the two accounts. The SID mapping file is a comma-separated values (CSV) formatted file that lists pairs of accounts, in either Windows NT account name (domain\name) format or SID format. The account on the left is the source account, and the account on the right is the target account. The Active Directory Migration Tool (ADMT) security translation translates security from the source account to the target account.

You can reference the SID mapping file in the Security Translation Wizard or from the command line. The option is /SMF so that the full command line looks similar to the following:

ADMT SECURITY /N "<computer_name>" /SMF:"<sid_mapping_file_path>"