When looking up the NTFS permissions of a file or security descriptor of an object, some entries are displayed twice (duplicate entry for a user in ACL).
This happens when an object has been migrated with SID history. This is a known Microsoft issue.
A simple explanation could be that if you query the target Domain Controller, it resolves the source user's SID to target user account. This happens because this account owns this attribute as SID history. Source user's SID belongs to target account and is displayed (resolved) as target account.
This can be reproduced when adding a source user manually to NTFS permissions on a file, in target domain. If this user was migrated with SID history, it will be immediately displayed as target user.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center