Active Directory: Map a domain user with a username from ForeignSecurityPrinciple group and check if user is part of another specific group RRS feed

  • Question

  • Hi everybody,

    I have this problem: we try to authenticate a user against an Active Directory that uses ForeignSecurityPrinciple to map users from different domains.

    We have several groups that are stored inside a single domain and users that are coming from different domains.

    The problem we have here is that we cannot get the real user name from ForeignSecurityPrinciple.

    We tried to use the guidelines from here:


    but with no luck.

    When we tried to edit the entry for group that had 3 members, we found this next to the member field:

    CN = S-1-5-21-other numbers, CN=ForeignSecurityPrinciple; DC=DomainName, DC=local

    Do you have other solutions for retrieving the username against Active Directory using ForeginSecurityPrinciple ?

    Is there any recommendation for using that?

    Thanks a lot in advance,


    Andrei Petrut

    • Moved by Amanda Zhu Wednesday, May 15, 2013 5:22 AM not VS general forum issues and not sure which appropriate forum this thread can be moved to
    Tuesday, May 14, 2013 8:56 AM


  • We have managed to find the solution: instead of getting the username from objectSID we used another approach: we firstly get user object from corresponding domain and user object contains objectSid ... then we just get the group from the domain where groups are defined and check if there is such member (with corresponding objectSid).

    Andrei Petrut

    • Marked as answer by AndreiPetrut Wednesday, May 15, 2013 7:49 AM
    Wednesday, May 15, 2013 7:49 AM