How do I disable SID filtering for my source and target domains? (NETIQKB51925)

goal
How do I disable SID filtering for my source and target domains?

goal
How do I configure my Windows 2000/2003 domains to allow SIDHistory to migrate?

fact
Domain Migration Administrator 6.x

fact
Domain Migration Administrator 7.x

symptom
SIDHistory is not migrating into my target native mode domain.

cause
Although your target domain is running in native mode, SID filtering may be turned on, which prevents SIDHistory migration. By default, Windows 2000/2003 domains enable SID filtering during the creation of External Trusts.

fix

If SID filtering is enabled, use the following procedure to disable it. To complete this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.

To disable SID filtering for the trusting domain:

1. Open a Command Prompt.
2. Enter the following command:

Netdom trustTrustingDomainName /domain:TrustedDomainName /quarantine:No /usero:domainadministratorAcct /passwordo:domainadminpwd

note
You can enable or disable SID filtering only from the trusting side of the trust. If the trust is a two-way trust, you can also disable SID filtering in the trusted domain by using the domain administrator?s credentials for the trusted domain and reversing the TrustingDomainName and TrustedDomainName values in the command-line syntax.

Formerly known as NETIQKB51925