sIDHistory & SID Filtering...
Regarding the sIDHistory EoP vulnerability and the proper use of SID
filtering... Are there any scenarios (supported or not) where SID
filtering could be applied to Win2k3 native domains within the same
forest? What if the quarantined domain were simply a resource domain
with no user accounts? What specifically are the implications
regarding AD replication? Can the sIDHistory attribute be removed
(not just cleared) so that it cannot be used? If at all possible, I'm
trying to avoid creating a separate forest. Any advice appreciated.
RjZ