LookupAccountSID is returning incorrect domain name

Question

MSDN says: LookupAccountSid function returns the name of the first domain on which SID is found.

If a User is migrated to domain B from domain A and we query the old SID of user by using LookupAccountSid function from any machine of domain A, we get domain name of domain A instead of domain B.

It seems that even after migrating the user, Active directory is keeping user info on domain A. This problem is not resolved even after restarting the machines of domain A including domain controller.

I need name of new domain of User. Can you suggest how to resolve this issue?

Answer 1

The most Win32 API are designed to work in the environment where one account has one sid. Active Directory supports sidHistory attribute which can save additional SIDs. If you would use Active Directory API (for example ADSI) or LDAP API you can find the main users name, primary SID and all ather attributes which you need.

The most problem in answering on your question is that you don't describe the domain migration scenario which are planned and used in your organisation. When you plan to switch off the old domains controllers? Do you plan to clear the old SIDs saved in the file system, shares or in the registry?

It is important to know the full domain migration scenario, so that the program which you now write will continue to work on the next steps of domain migration. I recommend you to speak with administrators or the project manager of the domain migration project of your organization to understand what is exactly planned to do.