Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SID appearing not user / group name in security window

Posted on 2004-10-01
2
Medium Priority
?
1,078 Views
Last Modified: 2010-08-05
My domain consists of 3 Windows 2000 domain controllers, 1 NT 4.0 member server acting as an Exchange 5.5 server and 10 other Windows 2000 member servers.  The domain was recently upgraded from an NT 4.0 domain.  Even though I am not running any NT BDC's I am still running in Mixed mode.  Will be making the change soon.  Just wanted to make sure everything is running fine w/ the 2000 domain.

Only minor Issue I am seeing relates to file / folder permissions at the server level.  Once and a while if I look at the properties of a file or folder, and goto the security tab, I may see 1 or 2 SID's (along with Domain users and domain groups)  Are these SIDs that are not being removed when accounts are removed from the domain?  (Employee quits / get fired, his account is removed)  My thought is that the SID is associated with the folder or file, but when it looks to active directory to resolve the sid to an account / group name, it cannot be found.  Am I correct?  Has anyone seen this before.

Thanks
0
Comment
Question by:chadd25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Expert Comment

by:dev8
ID: 12203661
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 12204378
Those are ACEs from accounts that have been deleted or can otherwise not be resolved to their name (for example an account from a former trusted domain).
Sid2Name won't help you anything, because this does nothing else than what the OS tries.
On another note, when you say "along with Domain users", you've probably set your permissions incorrectly. Unless for home drives, don't assign permissions to user accounts; this will end up in a mess. The way according to MS's gospel is AGLP: *A*ccounts go into *G*lobal groups. Global groups go into *L*ocal groups (on the server that hosts the share). *P*ermissions are assigned to the local groups. On W2k AD running in native mode, you can use domain local groups instead of "real" local groups.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question