Translate Security by Using a SID mapping File

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To translate security so that permissions that are granted to the source account or group are now granted to the target account or group, use a SID mapping file to associate the two accounts. The SID mapping file is a comma-separated-value (CSV) format file that lists pairs of accounts in either a Windows NT account name (domain\name) format or a SID format. The account on the left side of the file is the source account, and the account on the right side of the file is the target account. ADMT security translation translates security from the source account to the target account.

To use a SID mapping file, you must run ADMT from the command line. The parameter is /SMF. The full command looks similar to the following:

ADMT SECURITY /N "computer_name" /SMF:"sid_mapping_file_path"

A large SID mapping file can take hours to load on the computer that is running ADMT. If the computer that is running ADMT is also an Active Directory domain controller, this problem may affect the performance of that domain controller. For more information and a hotfix to help alleviate this problem, see article 842533 in Microsoft Help and Support at https://go.microsoft.com/fwlink/?LinkId=74264.