Re: "account unknown" on acl cannot be removed without blocking inheritance

From: Marco (tired.of.spam)
Date: 01/30/04


Date: Fri, 30 Jan 2004 22:28:53 +0100

Gary,

The "account unknown" may be due to the fact that some accounts got their SID
changed when migrated to AD. When AD does not have the account SID,
it displays "unknown account". As for the inheritance, I
suspect (again) that these files are left over from your NT4 installation, as
NT4 had a very different inheritance model. Some may go as far as saying
that NT4 did not have an inheritance model at all.

-- 
Execute applications with elevated privileges [ www.neovalens.com ]
--
"David Grant" <anonymous@discussions.microsoft.com> wrote in message
news:706201c3e6a2$c9dadc80$a601280a@phx.gbl...
> I have several folders with an "Account Unknown" entry on
> the ACL that cannot be removed without turning off
> inheriting permissions.  However, the parent folder does
> not contain that ACL entry, indicating to me that
> the "Account Unknown" ACL entry is not being inherited.
> My questions are:
>
> 1.  Why do I need to turn off inheritance when clearly
> that particular ACL entry is not being inherited?
>
> 2.  Why do "Account Unknown" entries show up in the first
> place and how can I easily remove them?
>
> More info:
>
> Our domain has never had a trust relationship.  The box
> in question is a DC running Windows 2000 Server SP4.
> Some of the files and directories may have been copied
> from an NT4 DC in the past.
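
An added example, not part of the original thread: a PowerShell function that lists the ACL entries whose SID no longer resolves to an account (the entries the GUI shows as "Account Unknown") and reports whether each one is flagged as inherited. The function name `Find-UnresolvedAce`, its `-RemoveExplicit` switch and the sample path are hypothetical; the .NET and cmdlet calls are the standard ones.

```powershell
function Find-UnresolvedAce {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$RemoveExplicit   # hypothetical switch: strip explicit orphans only
    )

    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $changed = $false

    # Request raw SIDs (explicit and inherited) so nothing is hidden behind names.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference
        try {
            # Succeeds when some account still owns this SID.
            [void]$sid.Translate([System.Security.Principal.NTAccount])
            continue
        }
        catch [System.Security.Principal.IdentityNotMappedException] { }

        # Unresolvable SID: report it together with its inheritance flag.
        [pscustomobject]@{
            Path        = $Path
            Sid         = $sid.Value
            Rights      = $rule.FileSystemRights
            Type        = $rule.AccessControlType
            IsInherited = $rule.IsInherited
        }

        # Only explicit ACEs can be removed on the object itself;
        # inherited ones have to be fixed where they are defined.
        if ($RemoveExplicit -and -not $rule.IsInherited -and
            $PSCmdlet.ShouldProcess($Path, "Remove ACE for $($sid.Value)")) {
            $acl.RemoveAccessRuleSpecific($rule)
            $changed = $true
        }
    }

    if ($changed) { Set-Acl -LiteralPath $Path -AclObject $acl }
}

# Constructed sample path; -WhatIf previews removals without writing the ACL.
# Get-ChildItem 'D:\Shares\Example' -Recurse -Directory |
#     ForEach-Object { Find-UnresolvedAce -Path $_.FullName -RemoveExplicit -WhatIf }
```

Review the reported SIDs before removing anything: on current Windows versions some built-in SIDs (for example capability SIDs starting with `S-1-15-3-`) also fail to resolve and are not leftovers from deleted or migrated accounts.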