sID shows in permissions instead of domain users

S

Skeeter

I am on a Windows 2000 AD domain, and my win 2k sp4 member
server is displaying SIDS instead of user's names, when I
check file/share permissions. These are NOT deleted
accounts. The users are still able to access these
folders/files, but I cannot see who has access by name,
only by SID.

I can add access for a user, see their name in the
properties for a few minutes, then it turns into a SID. If
I try to re-add them, it says "user already exists in
group" or similar message saying that the user is there,
just in SID format.

I moved my domain from a NT 4.0 domain to AD, and a few
weeks later, this problem started happening. Any
suggestions?

This does cause a problem if the member server in question is also home
to your SQL server. If you try to add a domain user to a DB, it returns
a 'user not found' error even after choosing it from a poulated list of
domain users. I would love to find an solution to this problem.
Thanks,
Lawson
 
J

Jimmy Andersson [MVP]

Sounds like a lookup problem, have you checked connectivity etc...?

Regards,
/Jimmy
 
R

Ryan Hanisco

Skeeter,

This can happen if the PDC emulator is not available or if the DNS cannot be
contacted to resolve the domain's SRV records for the LDAP services and GCs.

Check your connectivity and work from there. The good thing is that the
SIDs are there and working as intended -- the names just resolve for we mere
mortals.
 
S

Skeeter

As far as connectivity goes, I can ping, browse, and do most anything
on any machine/server in the domain from the server in question. I
think that there was something strange done in the migration from NT to
2000 prior to my arrival on the scene. There is also an issue with this
server losing the trust with the AD servers. This is a strange one that
has been driveing me crazy trying to figure it out. I don't knowi f
this helps, but when I run nltest /sc_query:domain I get this

Flags: 0
Trusted DC Name
Trusted DC Connection Status Status = 1787 0x6fb
ERROR_NO_TRUST_SAM_ACCOUNT
 
S

Skeeter

I just had a thought. This server is listed with an account on the AD
server. Would it be a bad idea to remove the account and then re-add
it. If so, is there any thing that I should be causouse of when doing
this.

Lawson
 
P

ptwilliams

Re. Connectivity.

Run netdiag /test:dns on the DC.

What are the results?

A standard ping does not prove that the DNS SRV records are there...

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


I just had a thought. This server is listed with an account on the AD
server. Would it be a bad idea to remove the account and then re-add
it. If so, is there any thing that I should be causouse of when doing
this.

Lawson
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why are SIDS showing up in File Permissions tab? 4
NTFS problem? SID instead of name? 3
moving accounts retaining SID 5
SID from trusted are not enumeratiing for trusted domain 1
SID filtering confusion?? 1
SIDS show instead of user names 23
Group shows member's SID instead of account name 2
SID - Username Mapping - WIN 2000 Server 1

Top