-
제목
Foreign Security Principle members cannot be deleted. -
설명
If a foreign security principle member is added from an alternate forest into a group on the source domain, then it may sync in a group to a target domain ok. The user member will remain in the group, but if the user is deleted from the source group, it will not delete off the target membership.
-
원인
The product currently does not support this use case. Product tried to add the FSP from the source in the target as FSP using the ObjectSID which AD ends up resolving to the users.
The FSP also can't be matched to the target user object which is why it can not be removed. Trying to remove the FSP using the FSP information in the FSP container leaves the product to believe the member was added as FSP, however, AD reports the object does not exist.
-
해결 방안
N/A A workaround must found by the migration planner.