Tuesday, April 19, 2011

Removing SID History

Found this small utility I wrote a few years back to clean up Active Directory (AD) account SID History. Those who manage AD and have gone through an AD migration will probably be familiar with SID and SID History.

I am not going to write a long entry about SID and SID History since you can easily find a lot of information on the Internet.

If you need to remove SID History after the migration, you can try this out.


You will need to have .NET Framework 2.0 installed in order to use this utility. Unzip the zip file to a folder and run sidHistory.exe. Although I can claim that there is no virus/malware/spyware or whatever ware, please scan it.

Below is a screen shot of the interface.

  1. Log on using credentials that have the right to remove SID History. By default, Domain Admin will have the right to do that. If you only want to view the SID History, you can use any account.
  2. Click on the “Connect to AD” button to connect to your AD. This will list your AD structure in a tree view control.
  3. In the tree view, select the OU or Container where you want to start searching for SID History. Click on the “Search for sidHistory” button to start searching. The “sidHistory Search” status will tell you how many sidHistory entries were found.
  4. Accounts with sidHistory found will be listed under the sidHistory list view (the right pane).
  5. To remove sidHistory, select the sidHistory entries (you can select multiple entries by holding down the Ctrl key while selecting) and click on the “Remove sidHistory” button.
  6. A log file will be created in the folder where the executable resides.


Always test with a few accounts first :)
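Where a script is preferred over the GUI, the same search, review, remove and log steps can be done with the ActiveDirectory PowerShell module. This is an added example, not the utility's code; the function names, the OU path and the log file name are placeholders chosen for illustration.

```powershell
# Added example, not part of the sidHistory.exe utility.
# Requires the ActiveDirectory module (RSAT). Paths below are placeholders.
Import-Module ActiveDirectory

function Get-SidHistoryReport {
    param([Parameter(Mandatory)][string]$SearchBase)
    # Users, groups and computers can all carry sIDHistory, so search every object class.
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -SearchBase $SearchBase -SearchScope Subtree `
                 -Properties sIDHistory, sAMAccountName |
        ForEach-Object {
            # One output row per SID so individual entries can be selected for removal.
            foreach ($sid in $_.sIDHistory) {
                [pscustomobject]@{
                    DistinguishedName = $_.DistinguishedName
                    SamAccountName    = $_.sAMAccountName
                    ObjectClass       = $_.ObjectClass
                    SidHistory        = $sid.Value
                }
            }
        }
}

function Remove-SidHistoryEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Entry,
        [string]$LogPath = '.\sidHistory-removed.csv'   # placeholder log location
    )
    process {
        $action = "Remove sIDHistory $($Entry.SidHistory)"
        if ($PSCmdlet.ShouldProcess($Entry.DistinguishedName, $action)) {
            # Record the value before it is removed.
            $Entry | Export-Csv -Path $LogPath -Append -NoTypeInformation
            Set-ADObject -Identity $Entry.DistinguishedName `
                         -Remove @{ sIDHistory = $Entry.SidHistory } -Confirm:$false
        }
    }
}

# View only: any account that can read the directory is enough.
$found = Get-SidHistoryReport -SearchBase 'OU=Migrated,DC=example,DC=com'
$found | Format-Table -AutoSize

# Dry run on a few entries first; drop -WhatIf to actually remove them.
$found | Select-Object -First 3 | Remove-SidHistoryEntry -WhatIf
```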
