No mapping between account names and security IDs was done.

Posted on 2011-04-28
Last Modified: 2012-05-11
OS: Windows Server 2003

We recently migrated a company we aquired onto our network.

So they were on a differnt domain previously. We joined their servers to our domain, and since have been seeing the eventvwr fill up with these errors;

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

When you go through it, note that I did Step 1 and the usernames that were listed were "it." and "it infra." over and over again on all servers except the DC.  DC showed on "Ad.".

When we run;

C:\>FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log

        Cannot find Ad.
        Cannot find it.
        Cannot find it infra.

Im wondering where these came from? Would this have to have been accounts on the previous domain perhaps? As we dont have these on our domain, the domain that we migrated them onto...

Thanks in advance.
Question by:OdyChris
    1 Comment
    LVL 6

    Accepted Solution

    There will be some group policies applied to these computers with these accounts are keyed in some where....

    You can do a RSOP.MSC to this computer and check on Comp Policy > Windows Settings > Sec Settings > Local policies > User right assingment or on restricted groups...

    please check ...

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now