As of last week we have started having problems with users being denied access to folders they have been using for months / years (access controled through security groups - other members can still access). One minute they will be able to access a folder, the next they are receiving access denied errors. Whilst trying to get to the bottom of this we have noticed that on some folders where users are explicitly granted permission (rather than through security groups), usernames have been replaced with a SID. You are able to re-add the users that have dissapeared along side the SID, and if I run sidtoname.exe it cannot resolve the SID. Name resolution is working fine and I've run netdiag with no errors, so the only thing that I can come up with is that the SIDs have some how been corrupted on the permissions, but I really cannot see how this could have happened on several different folders. I hope somebody can come up with an explanation...

Hello, it seems for me that in the domain exist some problem. When the username is replcaed by SID with unknown account name chekc the domain controllers for errors from the command line with "dcdiag /v", "repadmin /showrepl" and "netdom query fsmo" and post the complete output here including an unedited ipconfig /all from them. Or do you have trust to another domain and these user accounts are belonging to another domain?Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Hello, Thank you for your post here. Does the unresolved SID happen on all domain clients/servers? Or does it happen on a specific client/server? For further investigation, could you please help to collect the MPS report on DC & problematic client and upload the CAB files to Skydirve (you may send the URL to me at v-mileli@microsoft.com for troubleshooting). Microsoft Product Support's Reporting Tools http://www.microsoft.com/downloads/details.aspx?familyid=cebf3c7c-7ca5-408f-88b7-f9c79b7306c0&displaylang=en Regarding SkyDrive: 1. As an important note, if you do not want others to access the uploaded files, when uploading the file, please expand the "Share with" box, choose "Select people...", and then type my Windows Live ID " milesli_msft@hotmail.com" (without the quotation marks) in the Individual box. For detailed steps on how to upload files with SkyDrive, please refer to: http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65 2. The above Windows Live ID is ONLY for collecting troubleshooting information. Please do NOT send your questions to it. For any new questions, please post in the forums so that more MSFT, MVP and community members can help you. If you have any questions or concerns, please do not hesitate to let me know.

Meinolf Thanks for the reply. I've run the above checks, is there a way to attach files to forum? I've had a look but can't find anything. If not I could share them with you on skydrive as I will be doing with Miles?

Miles Thanks for the reply. I have uploaded the files and shared them with you. The unresolved SID happens on all clients/server.

Hello, Windows skydrive is an easy way to share files and pictures: http://skydrive.live.comBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Meinolf The test results are already on Skydrive, could you let me know your Live ID so I can share them with you?

Hello, just add the link from that page. That's it.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

http://cid-fd3df5b89f1e6f29.skydrive.live.com/browse.aspx/Upload

Hello, on the Exchange disable the unused NIC, 169.254.x.x and make sure it isn't listed in your DNS zones. On the backup server remove the loopback ip 127.0.0.1 and use the real one instead. Also if not used in your domain disable IPv6 according to: http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx According to the dcdiag output clmbackup found 4 DCs in the domain and clmserver and exchange found only 3, please describe some details about CLMDCABD, for me it seems that clmbackup isn't up to date or the other aren't.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Meinolf CLMDCABD is a the DC on a second site that is no longer in use, but was not removed via dcpromo. I will do as you suggest on the other servers now. I can't get the the blog as it requires authentication but I believe I know how to disable IPv6. Thanks

Hello, if CLMDCABD never comes back cleanup AD database from it according to: http://support.microsoft.com/default.aspx/kb/555846/en-us?p=1 For the blog access this isn't needed normally, i am also surprised about. I have contacted Paul Bergson about this. In the meanwhile check this one: http://support.microsoft.com/kb/929852/en-usBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Meinolf Thanks, I will do that. Regarding the IPv6, I disabled IPv6 earlier according to that article but IPv6 still shows in the properties tab of the NIC, is this usual?