RE: [ActiveDir] Unresolved SIDs in ACL

[Rich Milburn]

Title: Unresolved SIDs in ACL

Amazing what On Error Resume Next will do for you eh?   ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- ”I love the smell of red herrings in the morning” - anonymous From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, January 18, 2006 9:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Unresolved SIDs in ACL   Ah. Kind of scary that the script created the ACEs at all, should have errored every time that you tried to apply a bad ACE.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, January 18, 2006 7:37 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Unresolved SIDs in ACL joe,   The script owner realised just after I posted that the domain name was constructed wrongly in the script :(   Sorry to waste your time.   neil From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: 17 January 2006 23:50 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Unresolved SIDs in ACL Do the SIDs at least have the Domain portion of the SID correct? How far off are they from the real SID of the groups?   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 10:55 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Unresolved SIDs in ACL I have a script, which creates a pre-defined OU structure, creates groups and permissions the OUs with these groups. The script performs these steps in the order given. I have 2 test environments and have executed the script in each. In one environment (all w2k3 sp1 DCs, dfl and ffl=2), the script works fine and all OUs and ACEs/ACLs are correct. In the other environment (also w2k3 sp1 DCs and dfl/ffl=2) the script works fine but all new ACEs are shown as SIDs when viewed thru the ACL editor. Eventually, these unresolved SIDs are shown as 'account unknown'. I have used sidtoname (thanks joe!) and that shows that the SID cannot be resolved to a name (as expected, I guess). I'm sure someone must have seen this strange behaviour before and has some suggestions. I would suspect the latter environment to be at blame, but it was only built very recently and is still pristine. All suggestions very welcome. Thanks, neil   ___________________________ Neil Ruston Global Technology Infrastructure Nomura International plc PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.