Can I remove the Foreign Security Principal ?

[Norman]

Hi,
From ADUC I saw that we have 2-3 hundreds of user "readable" names and
S-1-123-xxxxxxxxxxx ( SID ? ). Is it save to remove ( delete ) them ? Our
domain is migrated from NT4 using ADMT and all re-acling have been
completed. Why these objects exist there ??

Norman

 

[Herb Martin]

Hi,
From ADUC I saw that we have 2-3 hundreds of user "readable" names and
S-1-123-xxxxxxxxxxx ( SID ? ). Is it save to remove ( delete ) them ? Our
domain is migrated from NT4 using ADMT and all re-acling have been
completed. Why these objects exist there ??

They are likely left over from (now missing/deleted)
trust relationships.

If they are no longer in use (no ACLs or other access
for real users based on them) then you can delete them.

If they cannot be resolved and the trusts will never be
recreated they are likely useless to you.