Delete objects from ForeignSecurityPrincipals container?

    Question

  • Hello,

    Our customer's domain ForeignSecurityPrincipal container contains multiple objects. I know that these objects "represent security principals from trusted domains external to the forest, and allow foreign security principals to become members of groups within the domain."

    Several years ago this applied to our customer's environment. Their current domain once trusted a few external domains. These trusted external domains no longer exist.

    In the FSP container of their current domain, I can see objects whose domain SID portion is one of three different possibilities. None of these domain SIDs match the domain SID of the current domain. I suppose this means that at some point in its history, this domain trusted three external domains. Is this a correct assumption?

    In the FSP container there are also the objects

    S-1-5-11
    S-1-5-17
    S-1-5-4
    S-1-5-9

    All objects have a red curved arrow in the icon's top right corner.

    Is it safe to delete all these objects from the FSP container, provided that the external domains no longer exist?

    Monday, November 28, 2016 12:10 PM
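
The grouping by domain SID portion described in the question, as an added example that is not part of the original post: it separates FSP object names that have no domain portion (such as S-1-5-11) from those issued by a domain, and groups the latter by issuing domain SID. All domain SIDs and RIDs below are constructed sample values, and `classify_fsps` is a hypothetical helper name.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")                    # any syntactically valid SID
DOMAIN_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")   # domain SID + RID

def classify_fsps(fsp_names, local_domain_sid):
    """Sort FSP object names (SID strings) into SIDs without a domain portion,
    SIDs issued by the local domain, and SIDs grouped by foreign domain SID."""
    report = {"non_domain": [], "local": [],
              "foreign": defaultdict(list), "malformed": []}
    for name in fsp_names:
        sid = name.strip().upper()
        if not SID_RE.match(sid):
            report["malformed"].append(name)      # not a SID at all: review by hand
            continue
        m = DOMAIN_RE.match(sid)
        if m is None:
            report["non_domain"].append(sid)      # e.g. S-1-5-11: no S-1-5-21 domain part
        elif m.group(1) == local_domain_sid:
            report["local"].append(sid)
        else:
            report["foreign"][m.group(1)].append(int(m.group(2)))
    return report

# Constructed sample input: the four short SIDs from the question plus
# made-up domain SIDs standing in for the container's other objects.
LOCAL_DOMAIN_SID = "S-1-5-21-1000000001-1000000002-1000000003"
SAMPLE_FSPS = [
    "S-1-5-11", "S-1-5-17", "S-1-5-4", "S-1-5-9",
    "S-1-5-21-2000000001-2000000002-2000000003-1104",
    "S-1-5-21-2000000001-2000000002-2000000003-1150",
    "S-1-5-21-3000000001-3000000002-3000000003-512",
    "S-1-5-21-4000000001-4000000002-4000000003-2201",
    "not-a-sid",
]

if __name__ == "__main__":
    r = classify_fsps(SAMPLE_FSPS, LOCAL_DOMAIN_SID)
    print("no domain portion:", r["non_domain"])
    for dom, rids in sorted(r["foreign"].items()):
        print("foreign domain", dom, "RIDs", rids)
    print("distinct foreign domains:", len(r["foreign"]))
    print("malformed:", r["malformed"])
```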

All replies