4

I am looking into some weird issues with active directory and group policy. This domain has been upgraded from windows NT and has had a few different administrators over the years. I am looking through the Default Domain group policy and Default Domain Controller group policy. In the security areas, using the log on locally area as an example, it shows SIDes that begin with asterisks and are quite long they look sort of like the following

*S-1-5-21-787626...

Normally, when I see something like this I would think that the User account was no longer there and this was never cleaned up. Am I wrong in my assumption? Thanks in advance

Phillip R.
  • 341
  • 2
  • 9

1 Answers1

7

Yes, you are correct, SIDs that are shown in numeric form typically mean that they cannot be resolved by either your local machine or your domain controller.

Download SysInternals' (Microsoft's) PSGetSID tool (here) and obtain the SID for your domain:

psgetsid.exe <DOMAIN_NAME>

Have a look at the format of a SID on wikipedia, to see if the domain part of your unresolved SID matches your domain's SID.

Simon Catlin
  • 5,222
  • 3
  • 16
  • 20
  • Thanks for pointing me at the utility, I had used it once but it has been awhile for the need of it. So, it had completely slipped my mind. – Phillip R. Aug 31 '12 at 12:17