SID - Username Mapping - WIN 2000 Server

[tckirk]

I have set up an AD independent Forest and I have a two way trust set up
with a AD domain
in another forest.

I can add users from the domain that is outside of my forest to the various
shares that I am running.
All of the users from the outside domain can access the shares with on
problem.
This system has been running for about 9 months with this trust in place
with no problems.
The SID - user name mapping problem started about 2 months ago.

The problem occurs when I display user quotas or edit user shares and
permissions.
I just get the SID and no user name display Example: jsmith [domain\jsmith]
..
When I add the user again the SID is over written with the user name mapping
but it does to stay for very long.
If edit another user share or permission and come back I just get the SID
again.

This problem makes things difficult to manage user quotas when just the
SID is displayed.
When I go into quotas I get a retrieving information message and then [
Account Information Unavailable ] and the SID.

I was advised that I had a SID caching problem so I ran the refresh option
and I rebooted the system.
This did not fix the problem.

Any advise as to what the problem might be would be greatly appreciated.

Thanks

*************************************************'
Tom

 

[Steve Dodson [MSFT]]

Thomas,

What OS versions and service packs are involved? If you use a utility such
as sid2name does the SID resolve? If it does, is the SID resolving to a
local username instead of a domain username?


Steve Dodson [MSFT]
Directory Services
--------------------

From: "tckirk" <[email protected]>
Newsgroups: microsoft.public.win2000.active_directory
Subject: SID - Username Mapping - WIN 2000 Server
Date: Tue, 23 Dec 2003 09:09:44 -0500
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <[email protected]>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Complaints-To: (e-mail address removed)
Lines: 38
Path: cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.su
l.t-online.de!t-online.de!newsfeed.icl.net!newsfeed.fjserv.net!newshosting.c
om!news-xfer2.atl.newshosting.com!140.99.99.194.MISMATCH!newsfeed1.easynews.
com!easynews.com!easynews!sn-xit-02!sn-xit-01!sn-xit-06!sn-post-02!sn-post-0
1!supernews.com!corp.supernews.com!not-for-mail
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:60362
X-Tomcat-NG: microsoft.public.win2000.active_directory

I have set up an AD independent Forest and I have a two way trust set up
with a AD domain
in another forest.

I can add users from the domain that is outside of my forest to the various
shares that I am running.
All of the users from the outside domain can access the shares with on
problem.
This system has been running for about 9 months with this trust in place
with no problems.
The SID - user name mapping problem started about 2 months ago.

The problem occurs when I display user quotas or edit user shares and
permissions.
I just get the SID and no user name display Example: jsmith [domain\jsmith]
.
When I add the user again the SID is over written with the user name mapping
but it does to stay for very long.
If edit another user share or permission and come back I just get the SID
again.

This problem makes things difficult to manage user quotas when just the
SID is displayed.
When I go into quotas I get a retrieving information message and then [
Account Information Unavailable ] and the SID.

I was advised that I had a SID caching problem so I ran the refresh option
and I rebooted the system.
This did not fix the problem.

Any advise as to what the problem might be would be greatly appreciated.

Thanks

*************************************************'
Tom

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.