ADAM (ADLDS), userProxy, and sidHistory: Not always what you expected has moved to it’s new location on JefTek.com
June 27, 2007
ADAM, userProxy, and sidHistory: Not always what you expected
Posted by JefTek under Active Directory[2] Comments
[2] Comments
%d bloggers like this:
June 27, 2007 at 11:31 am
Just for completeness, another option is to join ADAM machine to the OldDomain. Of course, this option might not be feasible in many deployments.
June 27, 2007 at 12:18 pm
Dmitri,
I forgot to mention that as one of the options we had considered. Doing so would not fit the migration timeline because oldDomain is going offline at seperation (in a few months) and we would have to move ADAM then, etc. Also in my scenario oldDomain is not managed by the same group as newDomain, which could expose passwords over LDAP simple binds where SSL is not used, etc. But yes, it would be viable since the oldDomain sid would be tried against oldDomain first
We did think about moving the ADAM box to the ROOT domain of the forest newDomain is in, but it still resolves the oldDomain sid as newDomain which makes sense.
Thanks for the feedback.