Global Groups or Users appear twice as members of a Local Group, in the Access Control List (ACL) of (NETIQKB10065)

  • 7710065
  • 02-Feb-2007
  • 08-Aug-2007

Resolution

symptom
Global Groups or Users appear twice as members of a Local Group, in the Access Control List (ACL) of a folder, on the User Profile list, or on the Permissions tab of an Exchange 5.5 mailbox.

cause

Microsoft describes this behavior in TechNet article 307521, 'An Access Control Entry May Seem to Be Displayed Incorrectly with the sIDHistory Attribute'. In this scenario, it is by design that the operating system resolves the account to its Windows 2000 account name (targetdomain\account). This is not changed in Service Pack 3. http://support.microsoft.com/default.aspx?scid=kb;EN-US;307521

This is a known issue: accounts appear as duplicates of the target account when the account has been migrated with sIDhistory and security translation has been performed on the resource. The two entries that appear as duplicates actually have two different SIDs (one is the source account and one the target), but the operating system resolves both SIDs to the target domain account name (targetdomain\userx). However, access is maintained as expected.
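To confirm that the apparent duplicates are distinct entries, list a folder's ACL by raw SID next to the name each SID resolves to. The following PowerShell is an added example, not part of the original article or any NetIQ tool; the default path is a hypothetical placeholder.

```powershell
# Added example: show ACL entries whose resolved name is backed by more than one SID.
# 'C:\Shares\Example' is a hypothetical path; pass the folder that shows the duplicates.
param([string]$Path = 'C:\Shares\Example')

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Request the access rules keyed by raw SID instead of by resolved account name.
$rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

$entries = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference
    try {
        # Name resolution is where a source-domain SID held in sIDHistory
        # comes back as the target-domain account name.
        $name = $sid.Translate($ntType).Value
    } catch {
        # Orphaned or unreachable SIDs cannot be translated; keep them visible.
        $name = '<unresolved>'
    }
    [pscustomobject]@{
        Name      = $name
        Sid       = $sid.Value
        Type      = $rule.AccessControlType
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

# Keep only names that map to two or more distinct SIDs: the "duplicate" members.
$entries |
    Where-Object { $_.Name -ne '<unresolved>' } |
    Group-Object Name |
    Where-Object { @($_.Group | Select-Object -ExpandProperty Sid -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Sort-Object Name, Sid |
    Format-Table Name, Sid, Type, Rights, Inherited -AutoSize
```

Rows that share a Name but differ in the domain portion of the Sid are the source and target entries described above. An empty result means no name on that ACL is backed by more than one SID.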



fix
Although a fix for this issue is not necessary, the condition no longer exists once sIDhistory is removed. Also, when viewing the resource from an NT 4.0 machine, you will see the accounts correctly (one is the source account and one the target).

note
For a similar issue, refer to Microsoft TechNet article 266673, which is resolved in Service Pack 3. http://support.microsoft.com/default.aspx?scid=kb;en-us;266673

note

Please contact Technical Support to create a 'Support Request' for any issues you encounter that are not addressed by the User Guide, any Knowledge Base articles found on the website, or current Hotfixes available for download.



Additional Information

Formerly known as NETIQKB10065