pyizzle asked on

Account Unknown when adding user to folder permissions

I've recently needed to lock down the permissions on a certain folder on my network.  A user joined my company and needs access to this folder.  I created an account in AD and added that account into the needed folder's permissions tab with full control.  I apply the changes and close the dialog box.  I open the dialog box again (within 5 seconds of closing) and the account is now an "Account Unknown (SID #)".

We have two DCs (Windows 2K3 and 2K8) with no outside trusts.  I've verified the time sync between the two and have been able to log onto our network with the new user's account.  The only problem lies in applying permissions to folders.  Any help would be greatly appreciated.
OS Security, Active Directory

Last Comment
Kevin Hays

8/22/2022 - Mon
Randy Downs

Try adding the user to a group that has access to the folder. That's generally the best way to give users permissions. Remove them from the group when they don't need access.

It is usually because the SID is not resolvable from your domain controller.  Check your communications path to your domain controller from the server (Firewall perhaps running in strict mode).  You can check the communications path by using PortQry or PortQryUI for a GUI.


Also, try removing the unresolvable SID, clicking apply then ok, then re-adding the user back to the share.


Thank you for the quick response.  I've already tried that (sorry I didn't include in my original post).  I thought that would clear up the problem too.


The communication path is unimpeded.  The firewall is allowing clear communication between server and DC.  I've already removed and re-added the unresolved SID more times than I can count.  I think I've narrowed it down to a replication problem between AD's.
Randy Downs

Evidently the 2 servers are not synching up properly. I presume that the 2008 DC is acting like a 2003 DC for co-existence.

I would suspect the logon server for the machine you are using to apply privileges. Possible to reboot?

 No, unfortunately there is no way for me to reboot until after 8 p.m.  We are located at a 24x7 facility.  I'll try the suggestion as soon as it's possible to do so.  Thanks

Thanks for your help!  Upon review of the dcdiag report, I discovered the FrsEvent wasn't passing its test.
I applied the solution offered by Microsoft and all seems to be working great.  Thanks again.
Kevin Hays

Good deal pyizzle.

Glad I could help you out there.  That along with netdiag is a really good starting point when troubleshooting AD and DNS related issues.
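
The dcdiag review that resolved this thread can be scripted. The following is an added example, not code from any poster here: it reads saved dcdiag output and returns the tests that failed together with the explanation dcdiag printed for each. The sample report, the server name DC01 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout dcdiag prints; server name and text are made up.
SAMPLE_REPORT = """\
Doing primary tests

   Testing server: Default-First-Site-Name\\DC01
      Starting test: Replications
         ......................... DC01 passed test Replications
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.
         ......................... DC01 failed test FrsEvent
      Starting test: KccEvent
         ......................... DC01 passed test KccEvent
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)", re.I)
RESULT = re.compile(r"^\s*\.{3,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)


def parse_dcdiag(text):
    """Return one dict per test: target, test name, passed flag, detail lines."""
    results, detail, in_test = [], [], False
    for line in text.splitlines():
        if START.match(line):
            detail, in_test = [], True      # a new test block begins
            continue
        m = RESULT.match(line)
        if m:                               # dotted summary line closes the block
            results.append({
                "target": m.group(1),       # DC or partition the test ran against
                "test": m.group(3),
                "passed": m.group(2).lower() == "passed",
                "detail": detail,
            })
            detail, in_test = [], False
        elif in_test and line.strip():
            detail.append(line.strip())     # free text dcdiag printed for this test
    return results


def failed_tests(text):
    """Only the tests that did not pass, with the text dcdiag printed for them."""
    return [r for r in parse_dcdiag(text) if not r["passed"]]


if __name__ == "__main__":
    for r in failed_tests(SAMPLE_REPORT):
        print(f"{r['target']}: {r['test']} FAILED")
        for d in r["detail"]:
            print("   ", d)
```

Running it over a report from each DC in turn shows whether a failure such as FrsEvent is confined to one controller or present on both.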