SAP Knowledge Base Article - Preview

1609510 - Problems with AD users when mapping groups that exist in multiple forests or domains


  • All steps followed for multiple forest best practices in KB 1323391
  • Problem is intermittent works some times and fails mostly
  • Group was migrated from remote forest to local forest
  • Group in local forest has a sidHistory value which is the same as the group SID in the remote forest. This is a normal condition when an AD group is migrated using ADMT (Active Directory Migration Tool) and other tools like it.
  • login problems import wizard problems LCM problems errors in event viewer
  • graph update errors in CMS tracing and event viewer logs
  • Error "Could not locate a DC for domain" may occur as the product queries the wrong domain
  • Error "Active Directory Authentication failed to verify one or more of the mapped groups" & "The following groups could not be verified"



  • Problem could occur in all XI 3.1 environments with active directory integrated using multiple forest and having migrated groups (or a sidhistory that = a sid for any group)
  • This issue has also occurred in BI 4.0 environments as well


SAP BusinessObjects Enterprise XI


zie domains trust sid history ADAPT 01545484 1545484 , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.