Share via

Access Denied during SidHistory clone

Kacper Gostek 1 Reputation point
2021-03-16T10:36:10.987+00:00

Hi, I've got two domians in two forest: abc.local and contoso.xyz.local - bidirectional transitive trust between abc.local and xyz.local. I'm trying to make clone of sid for user TestUser from contoso.xyz.local to abc.local, using SidCloner.dll ([GreyCorbel.SidCloner]::CloneSid() - load assembly and use in Powershell). Everything works correctly in this direction. I've received "Access Denied" when I'm trying to do the same but in the opposite direction (from abc.local to contoso.xyz.local). To perform this operation I'm using domain admins user from both domains. I was try temporary grant full control for domain for each user but no result. Does anyone have any idea what else to check ? Thank you.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-03-17T01:07:14.103+00:00

    Hi,
    I found a article for this ,It seems we need to some requirements for the migration, just for your reference:
    https://migration-blog.com/2013/11/05/how-to-write-or-migrate-sidhistory-with-powershell-2/

    You may try use ADMT to migrate sidhistory.
    Following links for your reference:
    https://blog.thesysadmins.co.uk/admt-series-1-preparing-active-directory.html
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc974332(v=ws.10)
    This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
    Best Regards,

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.