The normal use of sidHistory during an AD migration is to allow the new object in the target domain to access resources in the source domain that were permissioned via the source sid, correct?
I am trying to test the opposite scenario and doesn't appear to work so far, but want to validate if this even should work or not and haven't found much in the way of researching this question..... we have a migration tool in place that is synching objects between the 2 domains and at this point has written the sid of the source User into the sidHistory of the TargetUser.
the user in this case is still logging in with their source account. If I were to assign permissions to a file share or sharepoint for example to the target user object...... should the source user be able to access it? My theory was the app should recognize the sid of the requesting object matches the sidHistory of the object in its ACL, so should allow it, but that is not what I am seeing.
