Hello,
We have migrated to AD from a NT structure.  To my understanding, our
new ID's in the AD carry an extra SID attribute (the SID from the
previous NT account) called SID history.  It sounds like the ID
actually has two SID's associated to it (maybe you can explain
better).
Let me set up the questions a bit:  Say we migrated from our old
domain called "Old_Domain" and we migrated to the Active Directory
called "New_AD_Domain".  There is a directory on "Old_Server" that
gives permissions to an old account called "Old_NT_Account".  After
"Old_NT_Account" is migrated to a "New_AD_Account", this new account
still has permissions in that old directory because of SID history.

Here's my first question:  If I delete the "Old_NT_Account" from the
"Old_Domain", will its corresponding "New_AD_Account" still have
permissions in that directory on "Old_Server"?

Second Question:  Same as above, rather I delete the entire "Old_Domain".

Third Question:  Essentially the same question again, but with regards
to Exchange.  If mailbox "someAccount@someDomain.com" is associated to
"Old_Domain\Old_NT_Account" but ?New_AD_Account has access because of
SID history, what will happen when I delete either the Old_NT_Account
or the Old_Domain?

Last Question:
Can you provide me with information on ?re-permissioning? and possible
any tools which can automate the process.

Thanks for your time.  (Since I?m in a bind, I will add additional tip
for answer speed).

---

Clarification of Question by stevenclary-ga on 31 Mar 2004 05:25 PST

If you believe the price is out of range, please let me know.

This might be a good place to start

http://www.microsoft.com/technet/community/columns/profwin/pw0402.mspx

It talks about SID history and migration tools.

Hope it helps