Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Server & Application Monitor (SAM) > AppInsight for Exchange cannot configure properly due to unknown SIDs being listed in a server's administrator group

AppInsight for Exchange cannot configure properly due to unknown SIDs being listed in a server's administrator group

Overview

AppInsight for Exchange cannot configure properly due to unknown SIDs being listed in a server's Administrator group. 

Environment

All SAM versions

Cause

This is typically due to the fact the Active Directory user or group object which was once a member of the local Administrators group has been deleted from Active Directory. AD does not update the membership of local groups on servers or workstations. This results in the local group reporting the object using the SID, as it is no longer able to resolve the SID to the SAMAccountName.

Resolution

Unresolved SIDs should be deleted for successful configuration.

Note: Issues with AD replication or an unhealthy GC in the local site can cause the same symptoms, even if the object still exists in AD. This is even more prevalent in multi-domain environments, but can also occur in a single flat domain. 

Before removing an object from the local Administrators group, you should log into a healthy DC (preferably also a GC) and verify the object no longer exists. This can be done using the following procedure.

  1. Open a PowerShell session
  2. Type 'Import-Module ActiveDirectory'
  3. Type 'Get-ADUser -Filter * | Where-Object {$_.SID -eq "<unknown>"} | Select-Object SamAccountName, SID'</unknown>

If the SID returns a value, the object still exists. If it does not, then the object has been deleted.

 

Last modified
20:54, 30 Nov 2016

Tags

Classifications

Public