Re: LookupAccountSid fails if lpSystemName is NULL

Can you resolve any SIDs from the old domain in the AD domain? I don't really want to talk about the NetApp filers, I hate anything that does SMB emulation as they all tend to do it half-assed. I worked at a very large company that tried using just about every different type and they all pretty much sucked at some level.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Stephane Barizien wrote:
Thx for the suggestions.

In the meantime our analysis has progressed (somewhat):

- the code at http://www.codeproject.com/cpp/lkupuserinfo.asp DOES work even when lpSystemName is NULL
- Windows Explorer can resolve SIDs for the Owner column or for ACEs in the Security tab for Windows-hosted shares in our primary domain, the only case where it fails seems to be for shares on our NetApp file server, which is a member of an old domain that is supposedly "fully trusted" by our new AD domain...

Does this ring any other bells?

Joe Richards [MVP] wrote:
I doubt it is a hotfix as people would be screaming all over the
planet.
I would recommend rebooting a workstation and running a tool to
resolve a sid and get a network trace of the whole thing and look for
errors, primarily name res errors but it could be anything in name
res or RPC.
joe


Stephane Barizien wrote:
Recently something in our infrastructure has had the unfortunate
side effect that SID-to-account-name resolution can no longer be
done, even by Windows Explorer's Security tab on domain-joined hosts
accessing domain-joined servers using domain accounts!

Experimenting with tools like SysInternals's PsGetSID and sample
code like http://www.codeproject.com/cpp/lkupuserinfo.asp we have
found out that LookupAccountSid fails if lpSystemName is NULL, but
works if the current system's name (so, a hostname which is known in
the domain) is specified. Our guess is that something (hotfix on the DC, maybe?) has been
changed that has this rather annoying side effect, but what?

Any clue?


.

Relevant Pages

  • Re: 3 Different BSOD
    ... Microsoft Windows XP Home Edition ... To determine if you have a boot sector virus, run a current virus-checking program, and if needed, disinfect your computer. ... If this does not resolve the issue, your computer mainboard may be damaged. ... 0xC000009D, or STATUS_DEVICE_NOT_CONNECTED, indicates defective or loose cabling, termination, or the controller not seeing the hard disk. ...
    (microsoft.public.windowsxp.general)
  • Re: Cant get good connections from Windows XP to Sbs 2003
    ... please follow below steps to try to resolve the ... Microsoft CSS Online Newsgroup Support ... It fixed my problem on Windows 2000 servers. ... >connection to the Windwos 2003 server to disconnect ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003, lost companyweb
    ... This server has a trust relationship with Domain_name.local. ... The original Windows SBS installation was preinstalled by an OEM. ... To resolve this: ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: different IE freeze problem - active script links
    ... internet explorer has now been resolved. ... How to remove Windows XP Service Pack 2 from your computer ... How to make a good newsgroup post: ... If this does not resolve the problem, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: 3 Different BSOD
    ... Microsoft Windows XP 64-Bit Edition ... To determine if you have a boot sector virus, run a current virus-checking program, and if needed, disinfect your computer. ... If this does not resolve the issue, your computer mainboard may be damaged. ... kbWinXPHome kbWinXPHomeSearch kbWinXPPro kbWinXPPro64bit kbWinXPProSearch kbWinXPSearch kbZNotKeyword ...
    (microsoft.public.windowsxp.general)