I have a test environment set up with two 2003 forests;
abc.local and xyz.local. I have a two-way forest trust set up, I can perform all functions needed in both environments. I have migrated my groups, my users (disabled in this step), my profiles, my machines, and finally my users again (this time enabled and merged). All things are good, AD in my target domain is updated like it should be, profiles are translated like they should be. Everything is gravy, except I cannot access resources on the old domain. The ACL's on the resources are not set via well-known accounts (i.e. Domain Admins, Domain Users, etc.). I have verified that each user/group that was migrated has a sidhistory value via adsiedit. I have executed the following commands on both sides of the trust:
I receive a response back saying that SIDFiltering is turned off
I receive back "Enabling SID history for this trust". I'm am totally stumped as to what else it could be. Anyone?
abc.local and xyz.local. I have a two-way forest trust set up, I can perform all functions needed in both environments. I have migrated my groups, my users (disabled in this step), my profiles, my machines, and finally my users again (this time enabled and merged). All things are good, AD in my target domain is updated like it should be, profiles are translated like they should be. Everything is gravy, except I cannot access resources on the old domain. The ACL's on the resources are not set via well-known accounts (i.e. Domain Admins, Domain Users, etc.). I have verified that each user/group that was migrated has a sidhistory value via adsiedit. I have executed the following commands on both sides of the trust:
Code:
netdom trust <trustingdomain> /domain:<trusteddomain> /quarantine:no /usero:<username> /passwordo:*
Code:
netdom trust <trusteddomain> /domain:<trustingdomain> /enabledsidhistory:yes
