Implication of removing SID history attribute in sharepoint 2016

MARTIN, Florent 21 Reputation points
2022-10-21T08:24:18.013+00:00

Hello,

We would like to remove the "sid-history" attribute from our active directory objects, but it's not clear if this can have any impact on Sharepoint 2016.
I would seems that previous Sharepoint version did not support this attribute (SharePoint 2010 and Kerberos – does SharePoint use sIDHistory at all?), yet this microsoft ressource User accounts migrated with their SID history across forests are not resolved in SharePoint mentions troubleshooting in migration scenario involving "sid-history" attribute.

Can you point me in the right direction ?

Thanks in advance.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,718 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,969 questions
0 comments No comments
{count} votes

Accepted answer
  1. Emily Du-MSFT 48,176 Reputation points Microsoft Vendor
    2022-10-24T08:29:12.653+00:00

    @MARTIN, Florent

    When you migrate a user from domain A to domain B, SharePoint 2016 does store SID history. With SID history, a user would continue to use their old account to access SharePoint until the old account is disabled in AD, the new account is enabled and their account has been migrated within SharePoint (Move-SPUser). From that time forward, the user would only use their new account to log in and access SharePoint.

    It's recommended that you remove SID history once the migration is complete.

    Here're are references about remove SID history.

    https://n8d.at/move-users-from-domain-a-to-domain-b-in-sharepoint-with-claims-authentication-enabled
    https://joshroark.com/keeping-sharepoint-happy-during-your-domain-migration/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. MARTIN, Florent 21 Reputation points
    2022-11-09T17:51:07.61+00:00

    Thank you for your detailed explainations.

    We actually have already migrated our domain some time ago, before installing sharepoint.
    We would like to know if sharepoint could be impacted when we remove this attribute from AD.

    Best regards


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.