Groups do not migrate correctly. (NETIQKB52599)

fact
Domain Migration Administrator 7.2

symptom
Groups do not migrate correctly.

symptom
Map and Merge Groups is merging on two different groups at the same time.

cause
NetIQ Technical Support has identified this as a known issue with the current release of DMA. A group name has been entered in the Target Group Selection screen of the Map and Merge wizard rather than using the browse functionality to merge on an existing group. The wizard uses the previously cached value from the last run of the Map and Merge Groups wizard during the current migration session. DMA will find the target group that has the matching CN, but then merges the SID history and group membership onto the account with the matching SID of the previous migration, causing multiple source groups to merge onto a single target group. 

fix

To avoid this problem, use the Browse button to select the target group to merge.

If this issue has already occurred, try one of the following procedures:

• If the target group has not yet been assigned any permissions to the target AD or other domains, delete the target groups and rerun the Map and Merge process.
• If the target group has been assigned permissions, cleanup the properties of the existing target groups. You might only need to remove unwanted group members, or, if SID history was migrated, you will need to remove SID histories from the object. You can use a VBScript to clear the entire SID history property so the correct sidHistory can be remigrated using the Map and Merge Groups wizard. A VBScript to clear sidHistory can be found in the following Microsoft knowledge base article: How To Use Visual Basic Script to Clear SidHistory at http://support.microsoft.com/default.aspx?scid=kb;en-us;295758.

Formerly known as NETIQKB52599