Sid 's not resolving to user name

[Georges]

If I look at my quota entries for a volume I get a whole
bunch of [Account Information Unavailable] instead of the
actual user name.

The volume redsides on the DC in a Windows 2000 server SP4.
Is this a problem with Active directory and Sid?

How can it be corrected??

Thanks,

 

[David Adner]

Do you see *any* normal user names? Do the entries that show SID's
actually exist anymore?

 

[Jimmy Andersson [MVP]]

It sounds like it can't find the corresponding username, this can be the
result of several issues:
- Account no longer exists
- Can't contact GC/DC due to DNS issues.

You can use Ldp.exe to find the corresponding DN to the SID, if it's deleted
you need to load the 'Deleted objects' control.
Example with Ldp version 3.0 on a Win2K3 environment (I used a SID from my
test environment):

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(objectCategory=*)(name=*))
Attribute *

Don't forget the '<' and '>' on the SID, you also need to put in the '-'
symbol within the SID itself. You might need to check in the control 'Return
deleted objects' if the object exist in the Deleted Objects container.
You'll find the controls in Search - Options - Controls.

The above query isn't optimized, to make it more efficient you should set
the objectCategory to person if you know it's a user you're searching for,
you won't need the name filter and you if you only want to find the DN you
can set the returned attribute to 1.1 etc... What I'm trying to say is that
there are numerous ways to write a more efficient/faster query if you know
what you're searching for, i.e objectCategory.

Regards,
/Jimmy

 

[Georges]

The accounts do exist. I do have account names coming up
normally but I also have a lot of [Account Information
Unavailable] messages. I haven't deleted any accounts
recently.

The volume being checked for disk quotas resides on the
GC/DC server. According to the Active Directory
Replication monitor, everything checks out fine between DC
and BDCs. I have one DC and 2 BDCs. I have the same
problem with other volumes.

Where does Volume quota entries retrieve it's account
info??

I have done a spot check on security settings on user
folders and I get Sid rather than Account names on some of
them. I known the user account exists in Active Directory.

-----Original Message-----
It sounds like it can't find the corresponding username, this can be the
result of several issues:
- Account no longer exists
- Can't contact GC/DC due to DNS issues.

You can use Ldp.exe to find the corresponding DN to the SID, if it's deleted
you need to load the 'Deleted objects' control.
Example with Ldp version 3.0 on a Win2K3 environment (I used a SID from my
test environment):

Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(objectCategory=*)(name=*))
Attribute *

Don't forget the '<' and '>' on the SID, you also need to put in the '-'
symbol within the SID itself. You might need to check in the control 'Return
deleted objects' if the object exist in the Deleted Objects container.
You'll find the controls in Search - Options - Controls.

The above query isn't optimized, to make it more efficient you should set
the objectCategory to person if you know it's a user you're searching for,
you won't need the name filter and you if you only want to find the DN you
can set the returned attribute to 1.1 etc... What I'm trying to say is that
there are numerous ways to write a more efficient/faster query if you know
what you're searching for, i.e objectCategory.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

If I look at my quota entries for a volume I get a whole
bunch of [Account Information Unavailable] instead of the
actual user name.

The volume redsides on the DC in a Windows 2000 server SP4.
Is this a problem with Active directory and Sid?

How can it be corrected??

Thanks,

.