Windows LiveWindows Live
 
 
Jef's profileThis has blog has moved ...PhotosBlogListsMore Tools Help

Blog
    June 27

    ADAM, userProxy, and sidHistory: Not always what you expected

    12:36 AM | Blog it | Active Directory

    Comments (2)

    Please wait...
    Sorry, the comment you entered is too long. Please shorten it.
    You didn't enter anything. Please try again.
    Sorry, we can't add your comment right now. Please try again later.
    To add a comment, you need permission from your parent. Ask for permission
    Your parent has turned off comments.
    Sorry, we can't delete your comment right now. Please try again later.
    You've exceeded the maximum number of comments that can be left in one day. Please try again in 24 hours.
    Your account has had the ability to leave comments disabled because our systems indicate that you may be spamming other users. If you believe that your account has been disabled in error please contact Windows Live support.
    Complete the security check below to finish leaving your comment.
    The characters you type in the security check must match the characters in the picture or audio.
    Jef has turned off comments on this page.
    Jefwrote:
    Dmitri,
    I forgot to mention that as one of the options we had considered.  Doing so would not fit the migration timeline because oldDomain is going offline at seperation (in a few months) and we would have to move ADAM then, etc.   Also in my scenario oldDomain is not managed by the same group as newDomain, which could expose passwords over LDAP simple binds where SSL is not used, etc.  But yes, it would be viable since the oldDomain sid would be tried against oldDomain first :)
     
    We did think about moving the ADAM box to the ROOT domain of the forest newDomain is in,  but it still resolves the oldDomain sid as newDomain which makes sense.
     
    Thanks for the feedback.  
    June 27
    Picture of Anonymous
    Dmitri Gavrilov [MSFT] wrote:
    Just for completeness, another option is to join ADAM machine to the OldDomain. Of course, this option might not be feasible in many deployments.
    June 27

    Trackbacks

    Weblogs that reference this entry
    • None