NetIQ Vulnerability Manager 5.5
NetIQ Secure Configuration Manager 5.6
Some users are missing from the Powerful Users security checkup report.
Users who have their primary group set to Domain Admins in Active Directory do not show up in the Powerful Users security check.
The Powerful Users security check does not find users whose AD primary group is set to Domain Admins.
Primary users and group users are enumerated separately and the Powerful Users security check does not support the primary users.
When you run the Powerful Users built-in security check, users who belong to the Domain Admins group and have their primary group set to Domain Admins do not show up in the report even though they are members of Domain Admins. To resolve this issue, set the primary group to Domain Users for all users in the Domain Admins group.
According to the following Microsoft article:
"The user's primary group applies only to users who log on to the network through Services for Macintosh or who run POSIX-compliant applications. Unless you are using these services, there is no need to change the primary group from Domain Users, which is the default value."