Can I remove the Foreign Security Principal?

Norman

Mar 1, 2003
Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory (More info?)

Hi,
From ADUC I saw that we have 2-3 hundred user "readable" names and
S-1-123-xxxxxxxxxxx (SID?). Is it safe to remove (delete) them? Our
domain was migrated from NT4 using ADMT and all re-ACLing has been
completed. Why do these objects exist there?

Norman
 
Guest

"Norman" <GeorgeNorman@hotmail.com> wrote in message
news:#epDH8nKFHA.1136@TK2MSFTNGP10.phx.gbl...
> Hi,
> From ADUC I saw that we have 2-3 hundred user "readable" names and
> S-1-123-xxxxxxxxxxx (SID?). Is it safe to remove (delete) them? Our
> domain was migrated from NT4 using ADMT and all re-ACLing has been
> completed. Why do these objects exist there?

They are likely left over from (now missing/deleted)
trust relationships.

If they are no longer in use (no ACLs or other access
for real users based on them) then you can delete them.

If they cannot be resolved and the trusts will never be
recreated they are likely useless to you.
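
One way to run the two checks from the answer above (can the SID still be resolved, and is it still used for access) before deleting anything. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module, and the variable and column names are illustrative.

```powershell
# Added example: read-only report, deletes nothing.
# Assumes the RSAT ActiveDirectory module and a session in the domain being checked.
Import-Module ActiveDirectory

$fsps = Get-ADObject -Filter "objectClass -eq 'foreignSecurityPrincipal'" `
    -Properties objectSid, memberOf

$report = foreach ($fsp in $fsps) {
    $sid = $fsp.objectSid

    # Well-known principals such as S-1-5-11 (Authenticated Users) are stored in
    # the same container and are never cleanup candidates; only SIDs issued by
    # a domain (S-1-5-21-...) can be leftovers from a removed trust.
    $isDomainSid = $sid.Value -like 'S-1-5-21-*'

    # Try to resolve the SID to DOMAIN\name. A failure means no domain that is
    # reachable from here can currently name it.
    $resolved = $null
    try {
        $resolved = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $resolved = $null
    }

    # Groups in this domain that still list the object as a member.
    $groups = @($fsp.memberOf | Where-Object { $_ })

    [pscustomobject]@{
        Sid          = $sid.Value
        ResolvedName = $resolved
        GroupCount   = $groups.Count
        Groups       = $groups -join '; '
        # Candidate: domain-issued SID, unresolvable, and a member of no group.
        Candidate    = ($isDomainSid -and (-not $resolved) -and ($groups.Count -eq 0))
    }
}

$report | Sort-Object Candidate, Sid |
    Format-Table Sid, ResolvedName, GroupCount, Candidate -AutoSize
```

The report covers group membership only; SIDs referenced directly in file, share or registry ACLs are not recorded in the directory and need a separate check on those resources.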