RE: SIDS show instead of user names



Hi Vincent -

I used Netdom to reset the account and the utility acknowledged that the
secure channel was reset, but it didn't fix the problem.

I'll try removing it and then adding it back to the domain, but I will have
to coordinate that with the server admin, because of the reboot.
If that doesn't work I think I next will try loading the default security
template to see if that solves it.

Thanks.

"Vincent Xu [MSFT]" wrote:

Hi,

I agree with you that we may have a try to reset computer account. Please
let me know the results and I will be glad to provide assistance.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
From: Charlie <baboon@xxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Tue, 27 Jun 2006 07:25:02 -0700
Newsgroups: microsoft.public.win2000.active_directory

OK, I guess it was worth running sidtoname, if only because it adds to the
weirdness. It gives an error and reports that the trust relationship has
failed between the domain and workstation. That makes no sense at all
because I can log on with a domain account and I can still add users to
groups and ACLs and administer remotely and there are no errors in the
Event Logs.

If I look at the same SIDs from my own workstation using sidtoname, I can
resolve them. If I do the same, but append the name of the problem server,
I get the same error message as above.

Here is some other info:

Speaking of Event Logs, user names show as SIDs until I open an event. Once
the box opens for the event the user name shows, but only in the
Description section.

This problem is not 100% consistent; once in a great while I come across a
user name instead of a SID in a local group, but there are very few and the
name is always followed by the SID. If I add one of those users to a
different group I get the same result; I see the user name (followed by the
SID).

Maybe we can simply try removing and rejoining the machine to the domain or
use Netdom to reset the account (even if it doesn't appear as though it's
needed).

"Vincent Xu [MSFT]" wrote:

Hi,

Honestly, it is a weird issue. The reason I suggest you run sidname is that
I'd like to make sure the sid can be resolved at the same time you see SID
in ACL. Please let me know the results in detail (If there are any error
messages.)

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support




--------------------
From: Charlie <baboon@xxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Mon, 26 Jun 2006 08:35:02 -0700
Newsgroups: microsoft.public.win2000.active_directory

Vincent -

Thanks for the help. 136.167.2.233 is also a DC (we have 4). 136.167.2.235
has all the domain level operations masters, but it is not a GC. A
different DC has the forest wide operations masters and the other 2 are
GCs. I again want to stress that there is no WAN involved and only one AD
domain, so there is plenty of connectivity with the GCs, etc.

I did not use the Sid2name tool because I got the impression that you
wanted me to use it to confirm whether or not the accounts were deleted.
Since I know the accounts were not deleted (remember, I was able to see
them remotely using showacls), I didn't use Sid2name. See my latest
response to Paul Bergson below. He suggested I run LDP from the server. I
did that and was able to see every user name in a particular OU. If you
still think that I should run Sid2name, let me know.

Regards.


"Vincent Xu [MSFT]" wrote:

Hi,

Thanks for sending me the trace data.

I also found that in SID.cap, it contacts 136.167.2.235 and in Name.cap, it
contacts 136.167.2.247. However, I found in Name.cap, an IP: 136.167.2.233.
What IP is this?

Since the problem seems to be related to 136.167.2.235, I suggest you
shutdown this DC temporarily to see if the problem happens again.

Also, did you see the tool sid2name I attached? I'd like to suggest you run
it when the problem occurs to verify at the same time, if the sid can be
resolved. The syntax like:

Sid2name S-1-5-21-583907252-688789844-725345543-1344

Let me know the detailed output.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support




--------------------
From: Charlie <baboon@xxxxxxxxxxxxxx>
Subject: RE: SIDS show instead of user names
Date: Fri, 23 Jun 2006 07:31:03 -0700
Newsgroups: microsoft.public.win2000.active_directory

Thanks for the help. I may not be able to get to this today, but I
certainly will do the NetMon trace. I was thinking of using NetMon, but it
will be very helpful for someone else to look at the output.

As far as the accounts being deleted in AD, keep in mind that this affects
every single account (other than the one I'm logged on with) in every ACL
and group, so I already know that isn't the problem. Even if I add a new
account to a group, that user's name disappears as soon as I click OK.

"Vincent Xu [MSFT]" wrote:

Hi,

Thanks for your reply and clarifying.

Let's perform some troubleshooting steps:

2. Please use the tool sid2name.exe tool (attached) to determine the name
of those unknown accounts. Please run the below one-by-one and check the
output:

.
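
The comparison described in this thread (the same SID resolving from one workstation but failing when the problem server is asked) can be reproduced with built-in tooling. The following is an added example, not part of the original thread and not Microsoft's sid2name tool; it assumes Windows PowerShell 5.1 with remoting enabled on both machines, and `PROBLEM-SERVER` is a placeholder host name.

```powershell
# Added example: run the same SID-to-name lookup on this workstation and on
# the affected server, and record each machine's secure-channel status.
$Sid           = 'S-1-5-21-583907252-688789844-725345543-1344'  # SID quoted in the thread
$ProblemServer = 'PROBLEM-SERVER'                               # placeholder host name

# Script block executed locally and remotely so both results are comparable.
$resolve = {
    param($SidString)
    $result = [ordered]@{
        Computer      = $env:COMPUTERNAME
        Sid           = $SidString
        Account       = $null
        SecureChannel = $null
        Error         = $null
    }
    try {
        # Same lookup path the ACL editor and Event Viewer depend on.
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($SidString)
        $result.Account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Keep the raw message: "not mapped" and a trust failure are
        # different problems, and the text tells them apart.
        $result.Error = $_.Exception.GetBaseException().Message
    }
    try {
        # $true when the machine account's secure channel to a DC is healthy.
        $result.SecureChannel = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        $result.SecureChannel = "check failed: $($_.Exception.Message)"
    }
    [pscustomobject]$result
}

$local  = & $resolve $Sid
$remote = Invoke-Command -ComputerName $ProblemServer -ScriptBlock $resolve -ArgumentList $Sid

# Side-by-side view: a name locally but an error remotely points at the
# server's own relationship with the domain, not at the account.
$local, $remote |
    Format-Table Computer, Sid, Account, SecureChannel, Error -AutoSize -Wrap
```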


