Hey guys, I have a question

I have a Windows 2000 DC running in VMware on one of my PCs and I've been toying with the Active Directory schema and SIDs. Basically, my idea is this:

If you create a user in Active Directory, then assign permissions to this new user on a file or folder, and go back into Active Directory and delete the user, the permissions are still set to the user's old SID and show up in the security window of the file or folder. I have seen applications that can modify Active Directory to enable the reuse of used SIDs. I assume this would mean that if I created a new user and it obtained the same SID as our first user, then he would receive the same permissions? I have read a couple of articles on this but haven't seen a proof of concept yet, so I am wondering if anyone has one? Also, I'm wondering about the possibility of overwriting SIDs that are in use? Perhaps an exploit that was able to change a regular user account's SID to that of something in the administrators group, or perhaps even the administrator himself.
Also wondering if anyone has any idea about how to defend against this sort of attack?

cheers

Memnoch
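
Added example, not part of the original post: a PowerShell audit for the leftover entries described above, listing explicit ACEs whose SID no longer resolves to an account so they can be reviewed and removed. The function name `Get-OrphanedAce` and the sample path are hypothetical, and the script assumes a domain-joined admin host with PowerShell 3.0 or later that can reach a domain controller.

```powershell
# Added example: list explicit file-system ACEs whose SID maps to no account.
# Assumption: run from a domain-joined host with rights to read the ACLs.
function Get-OrphanedAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path   # root folder to audit
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $cache   = @{}   # SID string -> $true if it resolved (or lookup was inconclusive)

    # Include the root itself, then everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        # Explicit ACEs only; inherited ones are reported at the parent defining them.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference
            if (-not $cache.ContainsKey($sid.Value)) {
                try { [void]$sid.Translate($ntType); $cache[$sid.Value] = $true }
                catch [System.Security.Principal.IdentityNotMappedException] {
                    $cache[$sid.Value] = $false   # no account owns this SID
                }
                catch {
                    # Lookup failed for another reason (e.g. DC unreachable): do not flag.
                    Write-Warning "Could not check $($sid.Value): $($_.Exception.Message)"
                    $cache[$sid.Value] = $true
                }
            }
            if (-not $cache[$sid.Value]) {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Sid    = $sid.Value
                    Rights = $ace.FileSystemRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

# Usage (D:\Shares is a placeholder path):
# Get-OrphanedAce -Path 'D:\Shares' | Sort-Object Sid, Path | Format-Table -AutoSize
```

A SID from a trusted domain that is temporarily unreachable can also fail to resolve, so confirm each reported SID against the directory before removing its ACE.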