Sign in with
Sign up | Sign in
Your question

sID shows in permissions instead of domain users

Last response: in Windows 2000/NT
Share
December 8, 2004 11:22:45 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am on a Windows 2000 AD domain, and my win 2k sp4 member
server is displaying SIDS instead of user's names, when I
check file/share permissions. These are NOT deleted
accounts. The users are still able to access these
folders/files, but I cannot see who has access by name,
only by SID.

I can add access for a user, see their name in the
properties for a few minutes, then it turns into a SID. If
I try to re-add them, it says "user already exists in
group" or similar message saying that the user is there,
just in SID format.

I moved my domain from a NT 4.0 domain to AD, and a few
weeks later, this problem started happening. Any
suggestions?

This does cause a problem if the member server in question is also home
to your SQL server. If you try to add a domain user to a DB, it returns
a 'user not found' error even after choosing it from a poulated list of
domain users. I would love to find an solution to this problem.
Thanks,
Lawson
Anonymous
December 9, 2004 4:26:47 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Sounds like a lookup problem, have you checked connectivity etc...?

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------


"Skeeter" <lpuffer@xos.com> wrote in message
news:1102522965.183632.37390@f14g2000cwb.googlegroups.com...
>I am on a Windows 2000 AD domain, and my win 2k sp4 member
> server is displaying SIDS instead of user's names, when I
> check file/share permissions. These are NOT deleted
> accounts. The users are still able to access these
> folders/files, but I cannot see who has access by name,
> only by SID.
>
> I can add access for a user, see their name in the
> properties for a few minutes, then it turns into a SID. If
> I try to re-add them, it says "user already exists in
> group" or similar message saying that the user is there,
> just in SID format.
>
> I moved my domain from a NT 4.0 domain to AD, and a few
> weeks later, this problem started happening. Any
> suggestions?
>
> This does cause a problem if the member server in question is also home
> to your SQL server. If you try to add a domain user to a DB, it returns
> a 'user not found' error even after choosing it from a poulated list of
> domain users. I would love to find an solution to this problem.
> Thanks,
> Lawson
>
Anonymous
December 15, 2004 8:29:22 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Skeeter,

This can happen if the PDC emulator is not available or if the DNS cannot be
contacted to resolve the domain's SRV records for the LDAP services and GCs.

Check your connectivity and work from there. The good thing is that the
SIDs are there and working as intended -- the names just resolve for we mere
mortals.
--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Skeeter" <lpuffer@xos.com> wrote in message
news:1102522965.183632.37390@f14g2000cwb.googlegroups.com...
> I am on a Windows 2000 AD domain, and my win 2k sp4 member
> server is displaying SIDS instead of user's names, when I
> check file/share permissions. These are NOT deleted
> accounts. The users are still able to access these
> folders/files, but I cannot see who has access by name,
> only by SID.
>
> I can add access for a user, see their name in the
> properties for a few minutes, then it turns into a SID. If
> I try to re-add them, it says "user already exists in
> group" or similar message saying that the user is there,
> just in SID format.
>
> I moved my domain from a NT 4.0 domain to AD, and a few
> weeks later, this problem started happening. Any
> suggestions?
>
> This does cause a problem if the member server in question is also home
> to your SQL server. If you try to add a domain user to a DB, it returns
> a 'user not found' error even after choosing it from a poulated list of
> domain users. I would love to find an solution to this problem.
> Thanks,
> Lawson
>
Related resources
December 21, 2004 2:26:37 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

As far as connectivity goes, I can ping, browse, and do most anything
on any machine/server in the domain from the server in question. I
think that there was something strange done in the migration from NT to
2000 prior to my arrival on the scene. There is also an issue with this
server losing the trust with the AD servers. This is a strange one that
has been driveing me crazy trying to figure it out. I don't knowi f
this helps, but when I run nltest /sc_query:D omain I get this

Flags: 0
Trusted DC Name
Trusted DC Connection Status Status = 1787 0x6fb
ERROR_NO_TRUST_SAM_ACCOUNT
December 21, 2004 2:34:25 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I just had a thought. This server is listed with an account on the AD
server. Would it be a bad idea to remove the account and then re-add
it. If so, is there any thing that I should be causouse of when doing
this.

Lawson
Anonymous
December 23, 2004 10:46:13 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Re. Connectivity.

Run netdiag /test:D ns on the DC.

What are the results?

A standard ping does not prove that the DNS SRV records are there...

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"Skeeter" <lpuffer@xos.com> wrote in message
news:1103657665.337186.227510@z14g2000cwz.googlegroups.com...
I just had a thought. This server is listed with an account on the AD
server. Would it be a bad idea to remove the account and then re-add
it. If so, is there any thing that I should be causouse of when doing
this.

Lawson
!