Unexpected removal of existing NTFS permissions when adding users/groups

• NetApp ONTAP 
• AFF-C250 (and other ONTAP-based systems)
• CIFS/SMB shares with NTFS security style
• Environments performing Active Directory domain migration 
• Customers migrating data and NTFS ACLs between shares/SVMs

After migrating data and NTFS permissions (ACLs) from a source CIFS share to a destination share in a new domain, administrators observed the following behavior:

• When adding a new user or group to NTFS permissions on a subfolder (using either the Security tab or Advanced Security Settings), existing users/groups are unexpectedly removed from the Security tab.
• This issue is reproducible on the destination share only; it does not occur on the original source share.
• The root of the destination share uses explicit NTFS ACLs with inheritance disabled, similar to the source.
• Example log/behavior:
  • Data and NTFS permissions copied from \\192.168.1.102\share1 (source, SVM: src_svm) to \\192.168.1.155\new_share (destination, SVM: svm-test-fs).
  • After copying, adding a user/group to a subfolder under /new_share removes existing ACEs for other users/groups.
  • ONTAP security traces show no share-level or ONTAP configuration issues.