[THIN] Re: How crazy would it be....

  • From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Fri, 20 Jan 2006 09:10:55 -0000

Using SID history doesn't mean a group / user in a new domain has the
same SID as one in a legacy domain.

It means the SID from the legacy domain is "tagged" onto the object in
AD. The new group / user has a brand new SID in the new domain, though,
and a potential number of legacy SIDs tagged to the object, that can be
presented, if required, to legacy domains.

Neil 

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, FM
> Sent: 20 January 2006 08:52
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: How crazy would it be....
> 
> You are talking about using SID history which is slightly 
> different.  Using SID history means that groups or users will 
> have the same SID in either domain.  Citrix uses the SID 
> rather than the names of groups, as should most apps.  If you 
> are simply moving apps or servers from one domain to another 
> without using SID history, then the same group name in each 
> domain will have a different SID, and you will have to 
> repermission any resources so they use the new SID.
> Malcolm 
> 
>       -----Original Message-----
>       From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kwaj Dude
>       Sent: 19 January 2006 21:19
>       To: thin@xxxxxxxxxxxxx
>       Subject: [THIN] Re: How crazy would it be....
>       
>       
>       What we recently ran into is groups were migrated from 
> one domain to another keeping the SID. Worked great for 
> access to shares/folders based on group membership, totally 
> didn't work with published apps access based on group 
> membership. Perhaps it does track SIDs, but based on the 
> behavior that we observed it certainly didn't fly with 
> migrating across domains. 
>       
>       
>       On 1/18/06, BRUTON, Malcolm, FM 
> <Malcolm.BRUTON@xxxxxxxx> wrote: 
> 
>               I'm not sure that statement is right.
>                               If you rename a group in AD it 
> will update it to the new name in the CMC on published apps.  
> Therefore it must be using the SID.  Best way is to test it.... 
>                               You can have a farm in multiple 
> domains at once.  You obviously just need to be careful with 
> permissioning the right resources from each domain.  
>                               I have seen issues with RM that 
> is split between domains (an NT4 domain and an AD domain) 
> where not everything works.  Such as, you lose the ability to 
> run some reports in the CMC based on group membership and you 
> must run it only on individual user accounts instead. 
>                               Hope this helps
>                               Malcolm
> 
>                       -----Original Message-----  
>                       From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kwaj Dude
>                       Sent: 18 January 2006 02:05
>                       To: thin@xxxxxxxxxxxxx
>                       Subject: [THIN] Re: How crazy would it be.... 
>                       
>                       
>                       As far as published apps go, Citrix 
> only looks at account names/group names - SIDs mean nothing. 
> As long as the domain and the usernames remain the same it 
> shouldn't be an issue.
>                       
>                       
>                       On 1/18/06, Jen hen <jen.work@xxxxxxxxx> wrote: 
> 
>                               to migrate a complete Citrix 
> farm to a new AD forest?  There will be trusts between 
> forests.  The farm is not yet in production, so it can take a 
> few hiccups. 
>                                
>                                
>                                Currently all the 
> infrastructure pieces are 4.0 but the PS servers are 3.0 with 
> SP 2005.04.
>                                
>                               Thanks!
>                               Jennifer Henske


