When using the Domain Migrator to migrate users from a Microsoft Windows NT 4 domain to a Microsoft Windows 2000 domain, an option can be enabled to track the SID history to retain access to files and folders without translating security. This option is available on the User Account and Group Options form of both the Process Driven Migration and the Migrate User Accounts and Groups individual migration task.
There are several configuration requirements that must be enabled to implement this feature. If the "Add source accounts SID to target accounts SID History" option is not available, please verify the following elements:
On the source domain controller (where the EA Server is installed), create a REG_DWORD value: TcpipClientSupport in HKLM\System\CurrentControlSet\Control\LSA and set the value to 1.
Reboot the domain controller.
To Enable Auditing of User/Group Management Events for Windows 2000 Server Build 2072:
In the Active Directory Users and Computers MMC Snap-in, select the target domain Domain Controllers container, right-click, and choose Properties.
Select the Group Policy tab. Highlight the Default Domain Controllers Policy and click Edit.
Expand Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy and enable auditing of success and failure for Audit Account Management. This policy may take up to 15 minutes to update.
Verify that auditing has been enabled by viewing the EFFECTIVE audit policy in the Group Policy MMC Snap-in. After Beta 3, a unique audit event will be created for the update of the SIDhistory attribute.