The SID Filtering security feature has been enabled by default in Active Directory since Windows 2000 Server SP3. To use SID History for domain restructuring and migration, SID Filtering should be disabled on all forest-level and domain-level NT trusts.
Both the trusting domain and the trusted domain parameters should be given as NetBIOS names, not FQDNs. Otherwise, netdom.exe returns a misleading error message:
netdom trust TrustingDomain /domain:TrustedDomain /quarantine:No /userD:domainAccount /passwordD:*
Access is denied.
The command failed to complete successfully.
With the proper syntax and the necessary credentials, the output is:
SID filtering is not enabled for this trust.
The command completed successfully.
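To confirm the state of a trust before and after the change, the check below validates that both names are NetBIOS names and then asks netdom for the current setting. It is an added example, not code from the original post: the function names are hypothetical, the "is enabled" wording of netdom's output is an assumption (only the "not enabled" line appears above), and the sample lines at the end are constructed from the output shown above.

```powershell
# Added example: function names are hypothetical, not part of netdom.

function Test-NetBiosDomainName {
    param([Parameter(Mandatory)][string]$Name)
    # NetBIOS names are at most 15 characters and contain no dots; a dot
    # usually means an FQDN was passed, which leads to the misleading error.
    ($Name.Length -le 15) -and ($Name -notmatch '\.')
}

function ConvertFrom-NetdomQuarantineOutput {
    param([string[]]$Lines)
    $text = $Lines -join "`n"
    # Test the negative wording first so it is not mistaken for "enabled".
    if ($text -match 'SID filtering is not enabled for this trust') { return 'Disabled' }
    # Assumption: the enabled case uses the same sentence without "not".
    if ($text -match 'SID filtering is enabled for this trust') { return 'Enabled' }
    if ($text -match 'Access is denied') { return 'AccessDenied' }
    'Unknown'
}

function Get-TrustSidFilteringState {
    param(
        [Parameter(Mandatory)][string]$TrustingDomain,
        [Parameter(Mandatory)][string]$TrustedDomain
    )
    foreach ($name in $TrustingDomain, $TrustedDomain) {
        if (-not (Test-NetBiosDomainName -Name $name)) {
            throw "'$name' is not a NetBIOS name; pass the NetBIOS name, not the FQDN."
        }
    }
    # /quarantine without Yes or No only reports the current setting.
    $output = & netdom.exe trust $TrustingDomain "/domain:$TrustedDomain" /quarantine 2>&1
    [pscustomobject]@{
        TrustingDomain = $TrustingDomain
        TrustedDomain  = $TrustedDomain
        SidFiltering   = ConvertFrom-NetdomQuarantineOutput -Lines ($output | ForEach-Object { "$_" })
        ExitCode       = $LASTEXITCODE
    }
}

# Constructed sample input: the two output blocks shown above.
$denied  = 'Access is denied.', 'The command failed to complete successfully.'
$success = 'SID filtering is not enabled for this trust.', 'The command completed successfully.'
ConvertFrom-NetdomQuarantineOutput -Lines $denied
ConvertFrom-NetdomQuarantineOutput -Lines $success
```

Get-TrustSidFilteringState runs under the caller's own credentials, so it needs a session that already has rights on the trust.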