Resolution
fact
NetIQ Vulnerability Manager 5.5
NetIQ Secure Configuration Manager 5.6
symptom
Some users are missing from the Powerful Users security checkup report.
symptom
Users who have their primary group set to Domain Admins in Active Directory do not show up in the Powerful Users security check.
symptom
The Powerful Users security check does not find users whose AD primary group is set to Domain Admins.
cause
Primary users and group users are enumerated separately and the Powerful Users security check does not support the primary users.
fix
When you run the Powerful Users built-in security check, users who belong to the Domain Admins group and have their primary group set to Domain Admins do not show up in the report even though they are members of Domain Admins. To resolve this issue, set the primary group to Domain Users for all users in the Domain Admins group.
note
According to the following Microsoft article:
"The user's primary group applies only to users who log on to the network through Services for Macintosh or who run POSIX-compliant applications. Unless you are using these services, there is no need to change the primary group from Domain Users, which is the default value."