I have the following problem.
We currently have an AD user in use, which has been defined as local administrator for some Active Directory OUs. In the meantime, the concept we came up with at that time has become obsolete, as it has some disadvantages.
To simplify administration, we would now like to split it up in such a way that there should be a separate administration user for each individual OU.
OU1 -> AD account 'Admin1'
OU2 -> AD account 'Admin2'
etc.
Since the user was logged in on several PCs/notebooks and some programs were also set up for this user, we would not like to lose the settings made so far (in the registry, in the Windows file system, etc.) and thus want to start completely from scratch.
I came across the tool ForensiT, which also offers the possibility of user migration.
After reading the documentation, I am not sure if the tool could split the user into different users and adjust the objectSID on selected PCs so that the settings of the previous administrator user are transferred to the new admin AD user.
You could possibly do it in such a way that you first define the user for a certain OU as local (via ForensiT), then you lift the user there again into the AD via ForensiT, but let the SID be adjusted in the process. This way the new user should be assigned a new SID in AD and on the affected clients of the OU.
Could this work?
Has anyone here ever faced a similar problem and been able to solve it? Maybe there are other tools or Windows on-board resources that could implement the task.
I would be grateful for any help.
Kind regards
Thomas