I have always had a distaste for in-place upgrades, but as long as you don't mind the extra work of transferring the FSMO roles to new cleanly built DCs, (scrubbing the old NT4 DCs in the process) then you avoid the SIDhistory thing. Personally, I have not had problems with SIDhistory.
In light of the size and structure of our existing NT4 domains, we opted to migrate using NetIQ and ADMT2 into a pristine forest and yes, we used SIDhistory.
As for the comments of staying with NT4, I think it is just foolish talk. I am quite certain that after the end-of-life for NT4, the virus writers will have a field day, knowing that exposed vulnerabilities will only be fixed by M$ upon reciept of a $100,000.00 purchase order.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
