Does the SID for a Windows account (local, domain, Active Directory) ever change once an account is created? If yes, under what conditions?
+1
A:
Yes, it can change when you migrate an account to a new domain.
That's what the SidHistory attribute in your AD account is for - you can look up all previous SIDs for that account.
See http://msdn.microsoft.com/en-us/library/ms679833%28VS.85%29.aspx for more details on the SidHistory attribute in AD.
marc_s
2010-07-21 07:35:27
It is sad, @marc_s, that SIDs change. I've found from another question that there is `object-guid` in Active Directory records which never changes unless done manually or the account is recreated. Does such a thing exist for Windows accounts (local or domain)?
TheVillageIdiot
2010-07-21 07:40:51
@TheVillageIdiot: SIDs are based (in part) on the domain SID, therefore, if you move an account from Domain A to Domain B, its SID has to change - no way around that. As long as you only have a single domain, this is not an issue. And yes - Active Directory accounts (domain accounts) have an `objectGUID` property.
marc_s
2010-07-21 08:18:55
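An added example, not part of the original answers: it decodes the binary SID form that AD stores in `objectSid` and `sIDHistory`, splits an account SID into domain SID and RID, and checks whether a SID saved before a migration still identifies the account. The function names and both sample domain SIDs are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (the form held in objectSid / sIDHistory) to S-1-... text."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit authority, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit sub-authorities, little-endian
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def str_to_sid(text: str) -> bytes:
    """Encode S-1-... text to binary; used here only to build the constructed samples."""
    parts = text.split("-")
    if len(parts) < 4 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("not a revision-1 SID string")
    subs = [int(p) for p in parts[3:]]
    return (bytes([1, len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def split_domain_rid(sid: str):
    """Split an account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def known_sids(account: dict) -> list:
    """Current SID first, then every SID recorded in the account's SID history."""
    history = account.get("sIDHistory", [])
    return [sid_to_str(account["objectSid"])] + [sid_to_str(b) for b in history]

def refers_to(stored_sid: str, account: dict) -> bool:
    """True if a SID saved earlier (ACL entry, audit log, app database) is this account."""
    return stored_sid in known_sids(account)

# Constructed sample values: two made-up domain SIDs and RIDs, not from the original page.
OLD_SID = "S-1-5-21-1004336348-1177238915-682003330-1105"   # account in Domain A
NEW_SID = "S-1-5-21-3623811015-3361044348-30300820-2611"    # same account after the move
migrated = {"objectSid": str_to_sid(NEW_SID), "sIDHistory": [str_to_sid(OLD_SID)]}
unrelated = {"objectSid": str_to_sid("S-1-5-21-3623811015-3361044348-30300820-2612")}

if __name__ == "__main__":
    print(split_domain_rid(OLD_SID))    # domain part differs from the one below
    print(split_domain_rid(NEW_SID))
    print(refers_to(OLD_SID, migrated), refers_to(OLD_SID, unrelated))
```

A lookup keyed only on the current SID misses records written before the migration, which is why the comparison includes the history values.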