I would look at the SID History attribute on the accounts. Most likely you migrated the users with some tool that knows how to populate SID history and that is being resoved into group memberships.
You can use ldp and I believe it will decode SIDHistory to readable SID's, if not you can use adfind from www.joeware.net and it will decode SIDHistory to readable SID's and then you can try and chase where they came from. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Sent: Sunday, July 20, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Duplicate group memberships couple of days ago I noticed some strange things in our active directory: there are two accounts, one user account and a machine account, that are listed twice as members of domain users respectively domain computers. I always believed this was impossible under every circumstances, but this proved me wrong. every tool I use, including MS's 'Active Directory Users and Computers' gives me duplicate entries for the account membership lists as well as for the group members lists. since I could not find a way to reproduce this on another account, I suppose it must have happened during migration from win nt 4.0. so, does anyone else have experienced this phenomenon or does anybody know the real reason for this? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
