• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 585
  • Last Modified:

Unknown Active Directory members

When I query Windows 2003 Server Active Directory on our domain controller, there are members that I didn't add and that aren't in the built-in groups.  They have  a red curved arrow pointing upwards next to them:  Terminal Server User, Network, System, This Organization, etc. Where do these accounts come from?  What does the red arrow indicate?
  • 2
1 Solution
Toni UranjekConsultant/TrainerCommented:

These are built in accounts or special groups. They are part of your domain by default.
On the other hand red arrow might indicate that group is from another (I believe trusted ) domain.


i think that red arrow means, that the account is disabled!
Right click one account and check if u can click "Enable"

When they are Disabled...they cannot be getting dangerous or something else....but normally that are groups getting created from other software...like citrix...
The 'shortcut'-style icon indicates that it's a foreign-security-principal (FSP).  These well-known groups are added on-demand when the Active Directory database determines a need for them to exist outside of purely code ... for example, when a well-known group is added to a regular group, an FSP is created (the well-known group 'Everyone' is but one example and is quite often represented within the database by an FSP).

This is normal behavior.
... FWIW and if you're able to access the site, I wrote a series of articles on this topic, it's available here -


... if you can't read that -- sadly, there's no really short answer to describe their entire purpose in life but, in addition to what I've already mentioned, they also serve to represent security-principals from trusted domains (but only those tusted domains whose security-principals CANNOT be resolved against a forest-local GC -- i.e. across external trusts, forest trusts or realm trusts).

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now