1609510 - Problems with AD users when mapping groups that exist in multiple forests or domains

• All steps followed for multiple forest best practices in KB 1323391
• Problem is intermittent works some times and fails mostly
• Group was migrated from remote forest to local forest
• Group in local forest has a sidHistory value which is the same as the group SID in the remote forest. This is a normal condition when an AD group is migrated using ADMT (Active Directory Migration Tool) and other tools like it.
• login problems import wizard problems LCM problems errors in event viewer
• graph update errors in CMS tracing and event viewer logs
• Error "Could not locate a DC for domain" may occur as the product queries the wrong domain
• Error "Active Directory Authentication failed to verify one or more of the mapped groups" & "The following groups could not be verified"

• Problem could occur in all XI 3.1 environments with active directory integrated using multiple forest and having migrated groups (or a sidhistory that = a sid for any group)
• This issue has also occurred in BI 4.0 environments as well

zie domains trust sid history ADAPT 01545484 1545484 , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem