How do I disable SID filtering for my source and target domains? (NETIQKB51925)

  • 7751925
  • 02-Feb-2007
  • 17-Jul-2007


How do I disable SID filtering for my source and target domains?

How do I configure my Windows 2000/2003 domains to allow SIDHistory to migrate?

Domain Migration Administrator 6.x

Domain Migration Administrator 7.x

SIDHistory is not migrating into my target native mode domain.

Although your target domain is running in native mode, SID filtering may be turned on, which prevents SIDHistory migration. By default, Windows 2000/2003 domains enable SID filtering during the creation of External Trusts.


If SID filtering is enabled, use the following procedure to disable it. To complete this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.

To disable SID filtering for the trusting domain:

  1. Open a Command Prompt.
  2. Enter the following command:

Netdom trustTrustingDomainName /domain:TrustedDomainName /quarantine:No /usero:domainadministratorAcct /passwordo:domainadminpwd

You can enable or disable SID filtering only from the trusting side of the trust. If the trust is a two-way trust, you can also disable SID filtering in the trusted domain by using the domain administrator?s credentials for the trusted domain and reversing the TrustingDomainName and TrustedDomainName values in the command-line syntax.

Additional Information

Formerly known as NETIQKB51925