Unknown SID in ForeignSecurityPrincipals...

Hi!

I identified a lot of SID contained in the ForeignSecurityPrincipals (from
others trusted domains), but I have somes for which I could not find them, do
they could came from other than "trusted" domains?

If not, could we delete them without problem?

I'm asking that since the Administrators group contain two of them
(finishing with -500, -512) and I would like to remove them (always getting
error message when enumerating that group).

Thanks.

Claude Lachapelle
Systems Administrator, MCSE

Hello Claude,

If you remove a trust the old SIDs are not deleted there. You can delte them
manual if youa re sure they are not longer used. In your won domain there
are still some listed there starting with NTAuthority\xxx as readable name.
You can compare the complete shown SID with the objectSID to control if the
object belongs to your domain or a removed trusted domain. ADSIEdit.msc will
help you to find the correct objectSIDs used in your domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi!
>
> I identified a lot of SID contained in the ForeignSecurityPrincipals
> (from others trusted domains), but I have somes for which I could not
> find them, do they could came from other than "trusted" domains?
>
> If not, could we delete them without problem?
>
> I'm asking that since the Administrators group contain two of them
> (finishing with -500, -512) and I would like to remove them (always
> getting error message when enumerating that group).
>
> Thanks.
>
> Claude Lachapelle
> Systems Administrator, MCSE