[THIN] Re: How crazy would it be....
- From: "BRUTON, Malcolm, FM" <Malcolm.BRUTON@xxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Fri, 20 Jan 2006 09:17:45 -0000
Correct. Not my best explanation in the world.
Neil you don't have any clue about my XML question yesterday?
Seems to be rather quiet on that front....
Malcolm
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Braebaum, Neil
Sent: 20 January 2006 09:11
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: How crazy would it be....
Using sid history doesn't mean a group / user in a new domain has the same
sid as one in a legacy domain.
It means the sid from the legacy domain is "tagged" onto the object in AD.
The new group / user, has a brand new sid in the new domain, though, and a
potential number of legacy SIDs tagged to the object, that can be presented
if required, to legacy domains.
Neil
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of BRUTON, Malcolm, FM
> Sent: 20 January 2006 08:52
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: How crazy would it be....
>
> You are talking about using SID history which is slightly
> different. Using SID history mean that groups or users will
> have the same SID in either domain. Citrix uses the SID
> rather then the names of groups as should most apps. If you
> are simply moving apps or servers form one domain to another
> without using SID history, then the same group name in each
> domain will have a different SID, and you will have to
> repermission any resources so they use the new SID.
> Malcolm
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kwaj Dude
> Sent: 19 January 2006 21:19
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: How crazy would it be....
>
>
> What we recently ran into is groups were migrated from
> one domain to another keeping the SID. Worked great for
> access to shares/folders based on group membership, totally
> didn't work with published apps access based on group
> membership. Perhaps it does track SIDs, but based on the
> behavior that we observed it certainly didn't fly with
> migrating across domains.
>
>
> On 1/18/06, BRUTON, Malcolm, FM
> <Malcolm.BRUTON@xxxxxxxx> wrote:
>
> I'm not sure that statement is right.
> If you rename a group in AD it
> will update it to the new name in the CMC on published apps.
> Therefore it must be using the SID. Best way is to test it....
> You can have a farm in multiple
> domains at once. You obviously just need to be careful with
> permissioning the right resources from each domain.
> I have seen issues with RM that
> is split between domains (an NT4 domain and an AD domain)
> where not everything works. Such as, you lose the ability to
> run some reports in the CMC based on group membership and you
> must run it only individual user accounts instead.
> Hope this helps
> Malcolm
>
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Kwaj Dude
> Sent: 18 January 2006 02:05
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: How crazy would it be....
>
>
> As far as published apps go, Citrix
> only looks at account names/group names - SIDs mean nothing.
> As long as the domain and te usernames remain the same it
> shouldn't be an issue.
>
>
> On 1/18/06, Jen hen <jen.work@xxxxxxxxx> wrote:
>
> to migrate a complete citrix
> farm to a new AD forest? There will be trusts between
> forests. The farm is not yet productional, so it can take a
> few hick-ups.
>
>
> Currently all the
> infrastructure pieces are 4.0 but the PS servers are 3.0 with
> SP 2005.04.
>
> Thanks!
> Jennifer Henske
****************************************************************************
*
This email and its attachments are confidential and are intended for the
above named recipient only. If this has come to you in error, please notify
the sender immediately and delete this email from your system. You must take
no action based on this, nor must you copy or disclose it or any part of its
contents to any person or organisation. Statements and opinions contained in
this email may not necessarily represent those of Littlewoods Shop Direct
Group Limited or its subsidiaries. Please note that email communications may
be monitored. The registered office of Littlewoods Shop Direct Group Limited
is 100 Old Hall Street Liverpool L70 1AB registered number 5059352
****************************************************************************
*
This message has been scanned for viruses by BlackSpider MailControl -
www.blackspider.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
***********************************************************************************
The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered
Office: 36 St Andrew Square, Edinburgh EH2 2YB.
Authorized and regulated by the Financial Services Authority
This e-mail message is confidential and for use by the
addressee only. If the message is received by anyone other
than the addressee, please return the message to the sender
by replying to it and then delete the message from your
computer. Internet e-mails are not necessarily secure. The
Royal Bank of Scotland plc does not accept responsibility for
changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the
transmission of viruses, it is the responsibility of the recipient to
ensure that the onward transmission, opening or use of this
message and any attachments will not adversely affect its
systems or data. No responsibility is accepted by The Royal
Bank of Scotland plc in this regard and the recipient should carry
out such virus and other checks as it considers appropriate.
Visit our websites at:
http://www.rbos.com
http://www.rbsmarkets.com
********************************************************************************
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
