DSGET when group contains cross forest objects - get "CN=<sid>,CN=ForeignSecurityPrincipals"

Discussion in 'Active Directory' started by Matthew M \(UK\), Mar 13, 2007.

  1. Hi,

    When i use DSGET on a group which has members from another forest, i recieve
    the following:

    "CN=<sid>,CN=ForeignSecurityPrincipals,DC=domain,DC=domain"

    Is there anyway i can get the friendly name shown in the ADUC?

    Thanks
    Matthew
     
    Matthew M \(UK\), Mar 13, 2007
    #1
    1. Advertisements

  2. Not with DSGET. The FSP has to have the SID resolved which is not
    something DSGET is set up to do.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], Mar 18, 2007
    #2
    1. Advertisements

  3. Matthew M \(UK\)

    Santa Guest

    Hi Joe

    I'm also having the same issue. In my ADUC i dont get any users from
    external domain in friendly names.

    Any idea?

    San
     
    Santa, Apr 8, 2007
    #3
  4. Broken trust is the most likely cause.

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], Apr 10, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.