Resolution
fact
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
symptom
ForeignSecurityPrincipals cannot be displayed or managed by Directory and Resource Administrator.
symptom
Group memberships display differently than Native Tools.
symptom
Customer migrated users accounts from a NT4 domain maintaining SID history during the migration. This was done using the DMA product. The NT4 domain has been dismantled and no longer exists. Using Native Tools, ADU&C, shows group memberships that may contain more members than when viewed with the DRA client. The missing members are determined to be ForeignSecurityPrincipal objects. Since DRA does not display ForeignSecurityPrincipals, they cannot be deleted from the group using the DRA clients.
cause
DRA does not support ForeignSecurityPrincipal objects.
fix
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
symptom
ForeignSecurityPrincipals cannot be displayed or managed by Directory and Resource Administrator.
symptom
Group memberships display differently than Native Tools.
symptom
Customer migrated users accounts from a NT4 domain maintaining SID history during the migration. This was done using the DMA product. The NT4 domain has been dismantled and no longer exists. Using Native Tools, ADU&C, shows group memberships that may contain more members than when viewed with the DRA client. The missing members are determined to be ForeignSecurityPrincipal objects. Since DRA does not display ForeignSecurityPrincipals, they cannot be deleted from the group using the DRA clients.
cause
DRA does not support ForeignSecurityPrincipal objects.
fix
This behavior is by design. Directory and Resource Administrator (DRA) does not currently support ForeignSecurityPrincipal objects.
The next release of DRA (version 8.0) will support ForeignSecurityPrincipal objects.
Additional Information
Formerly known as NETIQKB51312