The Active Directory Migration Tool allows you to change Microsoft Exchange Security Descriptors that reference one user account or group in a source domain to reference another user account or group with the same name in a target domain. This product processes Security Descriptors on Exchange mailboxes, distribution lists, custom recipients, organizations, sites, and containers, as well as the primary Windows NT account for each mailbox.
When you copy a user account or group from domain A to domain B, a new account is created in domain B. This new account has the same name as the original account in domain A, but this new account has a different SID. The Active Directory Migration Tool changes the Security Descriptors for Exchange mailboxes, organizations, sites, and containers to refer to the SID for the new account in domain B. This process ensures the new user account or group provides the same access to Exchange components that the original user account or group provided.
If the Active Directory Migration Tool finds a SID from the source domain that it cannot resolve, such as a SID for a user account that does not have a matching user account in the target domain, the Active Directory Migration Tool leaves the SID unchanged.