Monday, March 7, 2011

Verify sIDHistory and Identify the Source User Account

Here is a simple procedure which you can use to verify the sIDHistory and identify the corresponding source object.  

Step #1 – Get the sIDHistory of the migrated Object

You can use QSQuery command to generate the sIDHistory.  Here is an example. On the target domain, run the following command to get the sIDHistory value: 

dsquery * -Filter "(samaccountname=santhosh)" -Attr  sIDHistory

Step #2 – Compare this sIDHistory value against the source account. 

When a User object migrated from one domain to another, a new SID must be generated for the user account and stored in the ObjectSID property.  Before the new value is written to the property, the previous value (ObjectSID from source domain) is copied to another property of a User object, sIDHistory in the Target domain. So you can use the sIDHistory value to search the Source domain using the ObjectSID attributes to identify the corresponding user in the Source domain.  In other words, the sIDHistory value will be  equal to the source ObjectSID. 

So in the source Domain, you can perform a custom LDAP search using sIDHistroy  to identify the corresponding source object.  Here is an example:


The output of this LDAP query will be the corresponding object in the source domain. 


Other Related Blogs and Articles:

Active Directory Migration Using ADMT -

Computer Migration - Things to Consider -

User Account Migration and Merging Using ADMT -

ADMT Include File -

User Migration and Input File Format -

ObjectSID Vs sIDHistory -

Identify SID Using DSQUEY Command -

PowerShell Script - Search Active Directory and Generate SIDHistory Report -

SID Filtering – Access is denied -

ADMT SID Mapping File Generation Using DSQUERY Command -

siDHistory Report - with Multi Value Support -

ObjectSID and Active Directory -


Post a Comment

Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More