Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NTAccount Translation seconds after account has been created c#

Posted on 2010-08-17
2
Medium Priority
?
772 Views
Last Modified: 2012-05-10
Hey all I am getting the following error, what I am doing is creating an account in the AD then a split second later creating their home folder. Another split second later I am assigning the permissions to the folder but for some reason I can not translate the account. Do I need to wait a set time?

17/08/2010 09:00:43: Permissions: EB0849758 FAILED - System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
   at KazooSoft.FolderPermissions.AddFolderSecurity(String folderName, String account, FileSystemRights rights, AccessControlType controlType) in \\ncs-srv09\staffhomes$\schurch\My Documents\Visual Studio 2010\Projects\KazooADIntegrationUtility\KS-FolderPermission.cs:line 68
0
Comment
Question by:KazooSoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Rant32 earned 2000 total points
ID: 33454551
Yes, it is possible that the domaincontroller that authenticated your fileserver has not received the update for the new user account yet. This is normal behaviour.

Within a 2003 AD site, any domain controller waits 15 seconds before sending an update notification to its replication partners, with a maximum of 3 hops. Reference: http://technet.microsoft.com/en-us/library/cc728010%28WS.10%29.aspx

Instead of waiting for a random interval, you may catch the specific exception and retry after 15 seconds.
0
 
LVL 4

Author Comment

by:KazooSoft
ID: 33454815
Cheers Rant, that's what I ended up doing.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question