The objectSID property is what allows the security principal to remain unique within the domain and provides the mechanism that can be used for authorization. Once such a SID is obtained, it gets attached to any user object in the trusted domain, specifically to its sIDHistory attribute.
It is up to us administrators to resolve this problem as quickly as possible.
Using Active Directory and Computers we can scroll down to the sIDHistory field within the attribute editor tab for a specific user as show in Figure 2. Leveraging the sIDHistory field during cross-forest migrations is a great resource to help provide coexistence, but it is not free of issues.
Within the user properties dialog box select the Attribute Editor tab and scroll down to the objectSID property. For objects moving between domains within a single forest, the SID from the old domain is automatically added to the object in the new domain.
First, you will want to turn on the advanced features within the Active Directory Users and Computers tool by selecting the View dropdown and clicking on Advanced Features.
Luckily, Microsoft has made provisions for the limitations of SIDs when performing cross-forest migrations. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures.
Active Directory Insights Part 14 - More about the Global Catalog Active Directory uses the Kerberos v5 authentication protocol and its extensions for verifying the identity of users and hosts using a system of public key authentication, authorization data transport and delegation.
There is nothing worse than spending months working with a customer to migrate Active Directory or Exchange and you discover a sporadic problem that is seemingly impossible to nail down and remediate; this puts you and the client in a precarious situation.