Re: LookupAccountSid fails if lpSystemName is NULL

Thx for the suggestions.

In the meantime our analysis has progressed (somewhat):

- the code at http://www.codeproject.com/cpp/lkupuserinfo.asp DOES work even
when lpSystemName is NULL
- Windows Explorer can resolve SIDs for the Owner column or for ACEs in the
Security tab for Windows-hosted shares in our primary domain, the only case
where it fails seems to be for shares on our NetApp file server, which is a
member of an old domain that is supposedly "fully trusted" by our new AD
domain...

Does this ring any other bells?

Joe Richards [MVP] wrote:
I doubt it is a hotfix as people would be screaming all over the
planet.
I would recommend rebooting a workstation and running a tool to
resolve a sid and get a network trace of the whole thing and look for
errors, primarily name res errors but it could be anything in name
res or RPC.
joe


Stephane Barizien wrote:
Recently something in our infrastructure has had the unfortunate
side effect that SID-to-account-name resolution can no longer be
done, even by Windows Explorer's Security tab on domain-joined hosts
accessing domain-joined servers using domain accounts!

Experimenting with tools like SysInternals's PsGetSID and sample
code like http://www.codeproject.com/cpp/lkupuserinfo.asp we have
found out that LookupAccountSid fails if lpSystemName is NULL, but
works if the current system's name (so, a hostname which is known in
the domain) is specified. Our guess is that something (hotfix on the DC,
maybe?) has been
changed that has this rather annoying side effect, but what?

Any clue?


.

Quantcast