DSGET when group contains cross forest objects - get "CN=<sid>,CN=ForeignSecurityPrincipals"

Discussion in 'Active Directory' started by Matthew M \(UK\), Mar 13, 2007.

  1. Matthew M \(UK\)

    Matthew M \(UK\) Guest

    Hi,

    When i use DSGET on a group which has members from another forest, i recieve
    the following:

    "CN=<sid>,CN=ForeignSecurityPrincipals,DC=domain,DC=domain"

    Is there anyway i can get the friendly name shown in the ADUC?

    Thanks
    Matthew
     
    Matthew M \(UK\), Mar 13, 2007
    #1

    1. Advertisements

  2. Matthew M \(UK\)

    Joe Richards [MVP] Guest

    Not with DSGET. The FSP has to have the SID resolved which is not
    something DSGET is set up to do.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], Mar 18, 2007
    #2

    1. Advertisements

  3. Matthew M \(UK\)

    Santa Guest

    Hi Joe

    I'm also having the same issue. In my ADUC i dont get any users from
    external domain in friendly names.

    Any idea?

    San
     
    Santa, Apr 8, 2007
    #3
  4. Matthew M \(UK\)

    Joe Richards [MVP] Guest

    Broken trust is the most likely cause.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], Apr 10, 2007
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Mapping user objects to other user objects in trust forest

  2. Forest trust between 2000 forest and 2003 forest.

  3. Unable to run dsquery / dsget for large number of group members

  4. Cross Forest Trust - The domain controllers required to find the selected objects in the following d

  5. Help using Dsget to list compuetrs in group

  6. dsget group -member returns wrong number of members

  7. Getting group members of group on Domain A that contains users on Domain B

Loading...