I've noticed the lack of available documentation around SIDMapping files used by ADMT. While they mention them briefly in the ADMT help file, and even in the MKB, there aren't any actual examples. I was originally stuck on this for a bit since I was used to the format of the normal ADMT include files (sourceName,TargetName,etc header on the first line, THEN the values - comma-delimited - on the subsequent line). Something to note: your SIDMapping file can contain multiple source domain SIDs (in a scenario where you're merging multiple source accounts - I've included examples of this below) that map to a single target domain object. I've seen user objects in AD with their SIDHistory attribute populated with 15-20 values. Anyway, below is a sample SIDMapping file I've used in the past. Notice that you can specity either by SID or by domain\username (in the second case, the domains will need to be reachable in order to resolve the domain\username to its actual Security Identifier).
sample sidmapping.txt file (cut and paste into Word, Notepad, etc to see the ends of lines trailing off the page):S-1-5-21-1674060341-653213906-1520766640-1984,S-1-5-21-219123761-1972038647-3338400271-28241
S-1-5-21-1674060341-653213906-1520766640-5114,S-1-5-21-219123761-1972038647-3338400271-28241
S-1-5-21-602162358-299502267-839522115-2502,S-1-5-21-219123761-1972038647-3338400271-28241
NTDomain\janedoe,NEWCorp\janedoe1
S-1-5-21-1674060341-653213906-1520766640-2202,S-1-5-21-219123761-1972038647-3338400271-22263
S-1-5-21-1674060341-653213906-1520766640-5100,S-1-5-21-219123761-1972038647-3338400271-22263
XYZCorp\johndoe,NEWCorp\johndoe
NTdomain\jdoe,NEWCorp\johndoeFor more information on Security Identifiers (SIDs):
Posts
1 comment:
Very informative post for me as I am always looking for new content that can help me and my knowledge grow better. msi application packaging
Post a Comment