Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Foreign Security Principals
Foreign Security Principals [message #413032] Tue, 16 March 2010 10:02 Go to next message
TPGBrennan  is currently offline TPGBrennan
Messages: 10
Registered: August 2009
Junior Member
The documentation I can find shows that Authenticated Users should reside in
the cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain.
However, there is also an object named Authenticated Users in the
ForeignSecurityPrincipals containers. Because the documentation stated the
important Authenticated Users was in the WellKnown Security Principals
container we deleted everything int he ForeignSecurityPrincipal container; at
one time we had external trusts to two other domains and had more than 80,000
FSPs, those trusts are now long gone so we wanted to clean up AD. This broke
several apps and proved the Authenticated Users in the
ForeignSecurityPrincipals container was THE Authenticated Users object. Is
there any documentation explaining the relationship between these two
containers?
Re: Foreign Security Principals [message #413742 is a reply to message #413032] Wed, 17 March 2010 06:13 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Did this break apps for all users, or only for users that were migrated to
this domain (Or a machine that was migrated)? This sounds like some type of
a sidHistory issue and the Authenticaetd Users within the FSP was for the
migrated users or a workstation/server that holds the data.

--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewGroups. This
posting is provided "AS IS" with no warranties and confers no rights.
"TPGBrennan" <TPGBrennan@discussions.microsoft.com> wrote in message
news:731F8C98-3CAB-468D-A91C-63F3CA8C2C58@microsoft.com...
> The documentation I can find shows that Authenticated Users should reside
> in
> the cn=WellKnown Security Principals, cn=Configuration,
> dc=<forestRootDomain.
> However, there is also an object named Authenticated Users in the
> ForeignSecurityPrincipals containers. Because the documentation stated
> the
> important Authenticated Users was in the WellKnown Security Principals
> container we deleted everything int he ForeignSecurityPrincipal container;
> at
> one time we had external trusts to two other domains and had more than
> 80,000
> FSPs, those trusts are now long gone so we wanted to clean up AD. This
> broke
> several apps and proved the Authenticated Users in the
> ForeignSecurityPrincipals container was THE Authenticated Users object.
> Is
> there any documentation explaining the relationship between these two
> containers?
Previous Topic:Raising the domain functional level from W2K3 Interim
Next Topic:Testing whether a particular DC is authenticating: LDP
Goto Forum:
  


Current Time: Fri Jan 19 00:43:17 MST 2018

Total time taken to generate the page: 0.03594 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software