netdom, SID Filtering and SID History
Jan 25th 2009 | Desmond Lee | Windows Server 2012/2008 R2/Server Core & Security
SID Filtering is a security feature that has been enabled by default in Active Directory since Windows 2000 Server SP3. To use the SID History functionality for domain restructuring and migration, SID Filtering should be disabled on all forest and domain level NT trusts.
Both the trusting domain and trusted domain parameters should be specified using their NetBIOS names instead of the FQDN. Otherwise, netdom.exe returns a misleading error message when you run the command:
netdom trust TrustingDomain /domain:TrustedDomain /quarantine:No /userD:domainAccount /passwordD:*
Access is denied.
The command failed to complete successfully.
With the proper syntax and the necessary credentials, the output will instead be:
SID filtering is not enabled for this trust.
The command completed successfully.
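Once a migration is finished, the same switch can be used to audit trusts and turn SID filtering back on. The following PowerShell wrapper is an added example, not part of the original post: it rejects FQDN-style names before calling netdom.exe, reads the current state with /quarantine given no value, and re-enables filtering with /quarantine:Yes. The function names and the domain names CORP and LEGACY are hypothetical, the session is assumed to already hold the required rights in both domains, and the wording of the "enabled" message is assumed by analogy with the "not enabled" output shown above.

```powershell
# Added example: audit and restore SID filtering on a trust via netdom.exe.
# Function names and the CORP/LEGACY domain names are hypothetical.

function Test-NetBiosName {
    param([Parameter(Mandatory)][string]$Name)
    # Heuristic: a NetBIOS domain name has no dots and is at most 15 characters.
    return ($Name -notmatch '\.') -and ($Name.Length -le 15)
}

function Get-SidFilteringState {
    param(
        [Parameter(Mandatory)][string]$TrustingDomain,
        [Parameter(Mandatory)][string]$TrustedDomain
    )
    foreach ($n in @($TrustingDomain, $TrustedDomain)) {
        if (-not (Test-NetBiosName -Name $n)) {
            # Fail early instead of getting netdom's misleading "Access is denied."
            throw "'$n' looks like an FQDN; pass the NetBIOS name instead."
        }
    }
    # /quarantine without Yes or No only displays the current setting.
    $out = & netdom.exe trust $TrustingDomain "/domain:$TrustedDomain" /quarantine 2>&1 |
        Out-String
    if ($out -match 'SID filtering is not enabled') { return 'Disabled' }
    if ($out -match 'SID filtering is enabled')     { return 'Enabled' }   # assumed wording
    if ($out -match 'Access is denied')             { return 'AccessDenied' }
    return 'Unknown'
}

function Enable-SidFiltering {
    param(
        [Parameter(Mandatory)][string]$TrustingDomain,
        [Parameter(Mandatory)][string]$TrustedDomain
    )
    # /quarantine:Yes turns SID filtering back on for the trust.
    & netdom.exe trust $TrustingDomain "/domain:$TrustedDomain" /quarantine:Yes
    return ($LASTEXITCODE -eq 0)
}

# Usage with constructed names: report the state, then restore filtering if it is off.
$state = Get-SidFilteringState -TrustingDomain 'CORP' -TrustedDomain 'LEGACY'
Write-Output "CORP -> LEGACY SID filtering: $state"
if ($state -eq 'Disabled') {
    if (Enable-SidFiltering -TrustingDomain 'CORP' -TrustedDomain 'LEGACY') {
        Write-Output 'SID filtering re-enabled.'
    }
}
```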