I'm in the process of rebuilding my Windows Server Active Directory user accounts on a standalone Zentyal primary server because over time lots of junk accounts, groups and GPOs have piled on to the AD. I have created a PowerShell script that can add a new user with all the attributes that I want to include using the LDAP protocol, but the one attribute, and the most important one, that I cannot set or even update is the Security Identifier (SID), alias name objectSID. Every time I try to set or change the value I always get an error message stating that the server is unwilling to make the change.
I have to be able to set this attribute value to match the value existing in the Windows Active Directory server because if this value changes then every user will get a new Windows user profile created when they sign into their computer with their Windows domain account.
How can I set the SID attribute to a value I need instead of the system auto-creating a new value?