Does SID for a windows account (local, domain, Active Directory) ever changed once an account is created? If yes, under what conditions.
Asked
Active
Viewed 1,135 times
1 Answers
3
Yes it can change when you migrate an account to a new domain.
That's what the SidHistory attribute in your AD account is for - you can look up all previous SIDs for that account.
See http://msdn.microsoft.com/en-us/library/ms679833%28VS.85%29.aspx for more details on the SidHistory attribute in AD.
marc_s
- 732,580
- 175
- 1,330
- 1,459
-
Its is sad @marc_s that SIDs change. I've found from another question that there is `object-guid` in active directory records which never changes unless done manually or account recreated. Does such a thing exists for windows accounts (local or domain)? – TheVillageIdiot Jul 21 '10 at 07:40
-
@TheVillageIdiot: SID's are based (in part) on the domain SID, therefore, if you move an account from Domain A to Domain B, its SID has to change - no way around that. As long as you only have a single domain, this is not an issue. And yes - Active Directory accounts (domain accounts) have an `objectGUID` property. – marc_s Jul 21 '10 at 08:18