2

I have restored a backup to our Windows 2003 SBS domain controller. All the permissions for folders seem to be set correctly for groups BUT when looking at folders that had permissions set for specific users they are appearing as a SID i.e s-1-2-5-124234-23423234234-5643.

I am not really sure where to go to correct this issue. Any idea what is causing it?

ThatGraemeGuy
  • 15,473
  • 12
  • 53
  • 79
webnoob
  • 465
  • 2
  • 16
  • 35

1 Answers1

1

That string is a Security Identifier, aka SID. Every security principal in Active Directory (users, computers, groups, etc.) has one, Under normal circumstances, Windows will contact a DC to query the name for the SID when you view permission ACLs, and you would see the username, e.g. YOURDOMAIN\username.

Typical causes for a SID being displayed instead of a user/group/computer name are (in decreasing order of likelihood):

  • The SID belonged to a security principal which has been deleted.
  • A DC cannot be contacted for some reason. In your SBS environment this is highly unlikely to be the cause. Also, if this were the cause, you would see all ACEs use a SID rather than a friendly name, not just some.
  • The SID belongs to a security principal (user, etc.) in a remote trusted forest and there are connectivity issues. I don't have a lot of SBS experience so this may not even be possible.
ThatGraemeGuy
  • 15,473
  • 12
  • 53
  • 79