Directory and Authentication / How can I change a user's SID value
« on: July 18, 2023, 03:29:33 pm »
I'm in the process of rebuilding my Windows Server Active Directory user accounts on a standalone Zentyal primary server because over time lots of junk accounts, groups and GPOs have piled on to the AD. I have created a PowerShell script that can add a new user with all the attributes that I want to include using the LDAP protocol, but the one attribute, and the most important one, that I cannot set or even update is the Security Identifier (SID), alias name objectSID. Every time I try to set or change the value, I always get an error message stating that the server is unwilling to make the change.

I have to be able to set this attribute value to match the value existing in the Windows Active Directory server because if this value changes, then every user will get a new Windows user profile created when they sign into their computer with their Windows domain account.

How can I set the SID attribute to a value I need instead of the system auto creating a new value?

I've read in the Zentyal 7 document that you can only do a total migration to Zentyal server up to Windows Server 2008. Is this true? I am currently running Windows Server 2012 R2 and want to completely get rid of the Windows server and only run Zentyal server as my domain controller to run DHCP, DNS, and Active Directory services.

Can someone please tell me if I can do this?

