Announcement

Collapse
No announcement yet.

Permission issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Permission issue

    Hello Everyone,

    I have a DNP cluster with 7 servers. One DC and others are its members.
    One of them is web server. I am facing issues with this web server hence decided to migrate it. I have successfully migrated/restored everything including web sites on new server,

    but :

    when I right click on folder of a web site on new server > select properties > Security tab > I can see all users but some of them are shown as "Account Unknown(S-1-5-21-401........)" users which are come from old server. I know this is due to SIDs but there must be something to integrate old SIDs to new.
    I want all those users integrated properly on new server.

    Do you have any script or work around to get this fixed ?

    Thanks in Advance,
    Ganesh

  • #2
    Re: Permission issue

    Can give this a go:

    http://directoryprogramming.net/file...ls/entry3.aspx
    or this:
    http://www.petri.com/obj_sid.htm
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Permission issue

      Thanks very much

      But these tools convert SID and show the converted one.

      I am looking for a script which will fix all "Account Unknown..." in security tab of all web sites permission automatically. Currently all users are shown as "Account Unknown..." I do not want to remove them but I want to fix them.

      Awaiting your reply

      Thanks in advance,

      Comment


      • #4
        Re: Permission issue

        Can you tell us exactly what you did to the (poor innocent) web server?

        AFAIK the main way you will get "account unknown" is if you move it from one domain to another -- is this the "migration" you refer to?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Permission issue

          Hello,

          Exactly Ossian

          I migrated one server to another. Let me explain you once again :

          I have one DNP(DotNetPanel) cluster which consists of 7 servers.
          One of them is Domain controller and rest are ADC of DC.
          One server is webserver say web1.
          We are facing some hard disk issues on web1 hence I created a new server windows 2003, made it as ADC and added it in DC.
          Now both old and new servers are still present in DC.

          I migrated all sites, users, IIS etc. from old server to new.
          I want to integrated old server SIds to new server.
          I prepared a list of users, old SIDs and new SIDs in a excel sht.

          suppose theres a user - 1com_web
          Old SID - S-1-5-21-4102302498-1957778792-475030201-5447
          New SID - S-1-5-21-4102302498-1957778792-475030201-10574

          When on new server I click on properties of web site folder to which user 1com_web is bound I found users shown as "Account Unknown.."
          In advanced permissions SID shown as S-1-5-21-4102302498-1957778792-475030201-5447

          I want to make "Account Unknown.." to actual user name in Permissions tab of web site properties.

          Awaiting your reply

          Thanks in advance

          Comment


          • #6
            Re: Permission issue

            In my experience the only way you get the "Unknown Account" is when the machine can not rectify the SID. In your situation my initial guess would be that the SID you are looking at is a local account from the other machine. Are you missing any AD permissions that should be there? If that is the case then as long as all of the local accounts (System, etc) are created and in place then you should be fine with just deleting the one since it is trying to access an account that no longer exists.
            Two things:
            1) If I wrote something wrong please please please let me know. I want to know ESPECIALLY if I am wrong.
            2) I have a tendency to write things that are misconstrued as being agressive or not so pleasant. That is not my intent.

            Comment


            • #7
              Re: Permission issue

              If you made a member server a DC all local accounts will be lost (DCs have no local accounts) and this may explain your issues.

              btw, did anyone tell you it is a VERY bad idea to make a DC into a web server -- all sorts of security risks. You would be better to have 2 DCs and the rest member servers
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment

              Working...
              X