RE: SIDS show instead of user names

Hi,

I agree with you that we may have a try to reset computer account. Please
let me know the results and I will be glad to provide assistance.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Thread-Topic: SIDS show instead of user names
thread-index: AcaZ9XofwK8HzIiOS86su0jerifTqA==
X-WBNR-Posting-Host: 136.167.76.86
From: =?Utf-8?B?Q2hhcmxpZQ==?= <baboon@xxxxxxxxxxxxxx>
References: <D97EA440-62A7-48DF-85BF-76B2082048E5@xxxxxxxxxxxxx>
<4cAln0blGHA.4908@xxxxxxxxxxxxxxxxxxxxx>
<4F433889-5407-4A02-8E93-BEBE56FCB18A@xxxxxxxxxxxxx>
<AcQOcYplGHA.5184@xxxxxxxxxxxxxxxxxxxxx>
<EE786F60-D9BF-4CF6-9FDA-E524AA8600F7@xxxxxxxxxxxxx>
<l3Wv5KOmGHA.5164@xxxxxxxxxxxxxxxxxxxxx>
<2E09F3F8-6FCA-4462-ABB7-F1C7C8E72AFE@xxxxxxxxxxxxx>
<Ku5xExcmGHA.2260@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Tue, 27 Jun 2006 07:25:02 -0700
Lines: 327
Message-ID: <F031AA96-DC93-4B13-868E-F99427C6AF42@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.win2000.active_directory
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:114651
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.win2000.active_directory

OK, I guess it was worth running sidtoname, if only because it adds to
the
weirdness. It gives an error and reports that the trust relationship has
failed between the domain and workstation. That makes no sense at all
because I can log on with a domain account and I can still add users to
groups and ACLs and administer remotely and there are no errors in the
Event
Logs.

If I look at the same SIDs from my own workstation using sidtoname, I can
resolve them. If I do the same, but append the name of the problem
server, I
get the same error message as above.

Here is some other info:
Speaking of Event Logs, user names show as SIDs until I open an event.
Once
the box opens for the event the user name shows, but only in the
Description
section.
This problem is not 100% consistent; once in a great while I come across
a
user name instead of a SID in a local group, but there are very few and
the
name is always followed by the SID. If I add one of those users to a
different group I get the same result; I see the user name (followed by
the
SID).

Maybe we can simply try removing and rejoining the machine to the domain
or
use Netdom to reset the account (even if it doesn't appear as though it's
needed).

"Vincent Xu [MSFT]" wrote:

Hi,

Honestly, it is a weird issue. The reason I suggest you run sidname is
that
I'd like to make sure the sid can be resolved at the same time you see
SID
in ACL. Please let me know the results in detail (If there are any
error
messages.)

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
Thread-Topic: SIDS show instead of user names
thread-index: AcaZNhcLx49xnCVqT66a1eAuT/T2Bw==
X-WBNR-Posting-Host: 136.167.76.86
From: =?Utf-8?B?Q2hhcmxpZQ==?= <baboon@xxxxxxxxxxxxxx>
References: <D97EA440-62A7-48DF-85BF-76B2082048E5@xxxxxxxxxxxxx>
<4cAln0blGHA.4908@xxxxxxxxxxxxxxxxxxxxx>
<4F433889-5407-4A02-8E93-BEBE56FCB18A@xxxxxxxxxxxxx>
<AcQOcYplGHA.5184@xxxxxxxxxxxxxxxxxxxxx>
<EE786F60-D9BF-4CF6-9FDA-E524AA8600F7@xxxxxxxxxxxxx>
<l3Wv5KOmGHA.5164@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Mon, 26 Jun 2006 08:35:02 -0700
Lines: 321
Message-ID: <2E09F3F8-6FCA-4462-ABB7-F1C7C8E72AFE@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.win2000.active_directory
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:114617
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.win2000.active_directory

Vincent -

Thanks for the help. 136.167.2.233 is also a DC (we have 4).
136.167.2.235
has all the domain level operations masters, but it is not a GC. A
different
DC has the forest wide operations masters and the other 2 are GCs. I
again
want to stress that there is no WAN involved and only one AD domain,
so
there
is plenty of connectivity with the GCs, etc.

I did not use the Sid2name tool because I got the impression that you
wanted
me to use it to confirm whether or not the accounts were deleted.
Since
I
know the accounts were not deleted (remember, I was able to see them
remotely
using showacls), I didn't use Sid2name. See my latest response to
Paul
Bergson below. He suggested I run LDP from the server. I did that
and
was
able to see every user name in a particular OU. If you still think
that
I
should run Sid2name, let me know.

Regards.


"Vincent Xu [MSFT]" wrote:

Hi,

Thanks for sending me the trace data.

I also found that in SID.cap, it contacts 136.167.2.235 and in
Name.cap, it
contacts 136.167.2.247. However, I found in Name.cap, an IP:
136.167.2.233.
What IP is this?

Since the problem seems to be related to 136.167.2.235, I suggest
you
shutdown this DC temporarily to see if the problem happens again.

Also, did you see the tool sid2name I attached? I'd like to suggest
you
run
it when the problem occurs to verify at the same time, if the sid
can
be
resolved. The syntax like:

Sid2name S-1-5-21-583907252-688789844-725345543-1344

Let me know the detailed output.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
newsreader
so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
rights.
======================================================



--------------------
Thread-Topic: SIDS show instead of user names
thread-index: AcaW0afIQ6U8H4otSAWIo/blJC3BXA==
X-WBNR-Posting-Host: 136.167.76.86
From: =?Utf-8?B?Q2hhcmxpZQ==?= <baboon@xxxxxxxxxxxxxx>
References: <D97EA440-62A7-48DF-85BF-76B2082048E5@xxxxxxxxxxxxx>
<4cAln0blGHA.4908@xxxxxxxxxxxxxxxxxxxxx>
<4F433889-5407-4A02-8E93-BEBE56FCB18A@xxxxxxxxxxxxx>
<AcQOcYplGHA.5184@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Fri, 23 Jun 2006 07:31:03 -0700
Lines: 261
Message-ID: <EE786F60-D9BF-4CF6-9FDA-E524AA8600F7@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.win2000.active_directory
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:114567
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.win2000.active_directory

Thanks for the help. I may not be able to get to this today, but
I
certainly
will do the NetMon trace. I was thinking of using NetMon, but it
will be
very helpful for someone else to look at the output.

As far as the accounts being deleted in AD, keep in mind that
this
affects
every single account (other than the one I'm logged on with) in
every
ACL
and
group, so I already know that isn't the problem. Even if I add a
new
account
to a group, that user's name disappears as soon as I click OK.

"Vincent Xu [MSFT]" wrote:

Hi,

Thanks for your reply and clarifying.

Let's perform some troubleshooting steps:

2. Please use the tool sid2name.exe tool (attached) to
determine the name of those unknown accounts. Please run the
below
one-by-one and
check the output:

Sid2name S-1-5-21-583907252-688789844-725345543-1344
Sid2name S-1-5-21-583907252-688789844-725345543-24842
Sid2name S-1-5-21-583907252-688789844-725345543-24843
Sid2name S-1-5-21-583907252-688789844-725345543-37443


Could you find the account names from sid2name.exe? If it
cannot be
found,
the user
accounts are probably deleted and cause this problem. If the
username
can
be shown
from sid2name, please search the user accounts in AD users and
computers to
ensure
it is there.

3. If you can find the user accounts name and it is existed in
AD
users
and
computers, please help to capture netmon trace on the
problematic
file
server.

A. Install the built-in network monitor tools on the
problematic
file
server.

Windows 2000: (Add/Remove Program --> Add/Remove Windows
Components
-->
Management
and Monitoring Tools --> Network Monitor Tools --> no need to
reboot
machine)

B. Synchronize the time between file server and DC (otherwise
it is
difficult to
check in netmon)

C. Run the netmon tool on the file server.

D. Go to Capture --> Networks to choose the correct network
card by
MAC
address

E. Go to Capture --> Buffer Settings and set 100MB as buffer
size
(this
setting is
to avoid the trace overwrite itself)

F. Go to Capture --> Start to start capture the network traffic
on
both
machines.

G. Reproduce the problem by checking the ACL.

H. Stop the capture in network monitor after the unknown
account
shown.
(Please
note the system time <hh:mm:ss>, we need it to check the netmon
trace)

I. Save the network trace and send to me, please also tell me
the
IP of
the
machine.

my email is: v-xuwen@xxxxxxxxxxxxx

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
newsreader
so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers
no
rights.
======================================================



--------------------
Thread-Topic: SIDS show instead of user names
thread-index: AcaWFVZsDXP9mpt8TPuuWrsXdSUfxQ==
X-WBNR-Posting-Host: 136.167.76.86
From: =?Utf-8?B?Q2hhcmxpZQ==?= <baboon@xxxxxxxxxxxxxx>
References:
<D97EA440-62A7-48DF-85BF-76B2082048E5@xxxxxxxxxxxxx>
<4cAln0blGHA.4908@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Thu, 22 Jun 2006 09:03:01 -0700
Lines: 117
Message-ID:
<4F433889-5407-4A02-8E93-BEBE56FCB18A@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal


.

Relevant Pages

  • RE: SIDS show instead of user names
    ... me to use it to confirm whether or not the accounts were deleted. ... Vincent Xu ... Run the netmon tool on the file server. ... Go to Capture --> Networks to choose the correct network card by MAC ...
    (microsoft.public.win2000.active_directory)
  • RE: SIDS show instead of user names
    ... As far as the accounts being deleted in AD, ... Run the netmon tool on the file server. ... Go to Capture --> Networks to choose the correct network card by MAC ...
    (microsoft.public.win2000.active_directory)
  • RE: SIDS show instead of user names
    ... name is always followed by the SID. ... As far as the accounts being deleted in AD, ... Go to Capture --> Networks to choose the correct network card by ...
    (microsoft.public.win2000.active_directory)
  • Re: Script help
    ... Network administration is always a ... If these are, in fact, writing lab computers, and students have their files ... shared on a server somewhere on campus, then yes, individual accounts are ... >> need the script, just log on the account and add the printer, followed by ...
    (microsoft.public.windows.server.scripting)
  • Re: [opensuse] fstab: umount as user
    ... Network Operating System concepts.... ... accounts and their settings exist on the ... Secondly, one single mount point for all users is just bad, it won't work. ... If A is member of group 2 they can use resource VI when they log in... ...
    (SuSE)