Duplicate SIDs
I'm new to this, so please be patient. We upgraded from Exchange 5.5 to 2003; since then, I've seen the error "The SID S-1-5-21-64564757-1242000688-1683584401-5590 was found on 329 users in the DS, so the store cannot map this SID to a unique user." Looks bad. When using 5.5, we had public folders, and some postings on the internet say this is commonly related to public folders. None of the users created after the migration have this problem. Also, I haven't seen any problems with emails being mis-delivered, so the SIDs must be working in some magical way.
The Event Monitor says to "use the Exchange Active Directory Cleanup utility to merge the duplicate objects together," but that sounds catastrophic. Things are working currently, and I really don't want to make them worse.
June 4th, 2009 9:06pm
Were there any user accounts mapped to multiple mailboxes in Exchange 5.5? In other words, Joe Smith was the primary NT account on the Joe Smith, Jane Doe, and Tom Jones mailboxes.Do you still have your Active Directory Connector running or have you completely removed Exchange 5.5?
Free Windows Admin Tool Kit Click here and download it now
June 4th, 2009 9:42pm
There may have been some accounts mapped to multiple mailboxes in 5.5, but not all of them. I checked the Services - ADC is not running.
June 5th, 2009 8:04pm
Hi,To understand what is the SID, please first view the below article:http://technet.microsoft.com/en-us/library/cc164304.aspxFurthermore, please post the error message in the application event log on the forum.ThanksAllen
Free Windows Admin Tool Kit Click here and download it now
June 8th, 2009 12:54pm
I read over the SID article you posted - thank you. The error I'm getting is below:
---------------------------------------
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9528
Date: 6/16/2009
Time: 9:25:53 PM
User: N/A
Computer: OPDHQ-EXP01
Description:
The SID S-1-5-21-64564757-1242000688-1683584401-5590 was found on 329 users in the DS, so the store cannot map this SID to a unique user.
The users involved are:
/DC=xxxxxxx/DC=xxxxxxx/OU=IT Services/OU=Users/CN=Last, First
/DC=xxxxxxx/DC=xxxxxxx/CN=Users/CN=Last, First
(And 327 others)
Please use the Exchange Active Directory Cleanup utility to merge the duplicate objects together.
For more information, click http://www.microsoft.com/contentredirect.asp.
---------------------------------------
As I said before, things seem to be working well, email isn't being mis-directed or delivered to the wrong person. We supported personal folders in 5.5, but no longer. One of my main concerns with this error is the potential problems that might arise when transitioning to Exchange 2007 or some other email application.
Can someone tell me how to fix this problem, or if it needs to be fixed in order to upgrade my system?
thanks again for your help
June 17th, 2009 5:11pm
We're still having this duplicate SID issue - any other ideas, anyone?
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2009 12:04am
I am with you, I don't quite know how this could have happened or even exactly what this means. I have only seen this during a migration from 5.5 to E2K/E2K3 and only with 2 users. Download the ALTools from Microsoft:http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=enThen, extract these files, copy the AcctInfo.DLL file in to the Windows folder on a computer with Active Directory Users and Computers, then register it, REGSVR32 c:\windows\acctinfo.dllThen, run Active Directory Users and Computers and locate one of the user's in question. Look at the Additional Info tab and see if the SID in question either shows up as the user's SID or if it is in the SID History list. If there is no SID history, the SID History button will be disabled. I'm wondering if somehow, this SID got put in all of these user's SID History lists. Jim McBee - Blog - http://mostlyexchange.blogspot.com
July 7th, 2009 1:48am
Thank you - I'll give that a shot
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2009 9:01pm
I added the "Additional Account Info" tab. I haven't gone through all users, but I see that some SIDs are duplicate, and some are unique. The SID History button is disabled.
What is my next step here? Can I create new SIDs for the users who have duplicates? How is it that email hasn't been going to the wrong users, if the SIDs are incorrect?
July 15th, 2009 10:00pm
Does this need to be installed on one of the Exchange servers, or can it be on any machine with AD Users and Groups? I've noticed that the SIDs change. If I open three or four users, and click on their "Additional Account Info" tab, they all show the same SID. If I return a few minutes later and do the same, to one or more of the users, the SIDs are different. This is weird.
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2009 12:35am
anyone?
August 12th, 2009 2:40am
I have a similar problem with one little variation. The SID being returned is not for a user but for the builtin group itself (I think). ?example:The SID S-1-5-32 was found on 2 users in the DS, so the store cannot map this SID to a unique user.
The users involved are:
/DC=local/DC=contoso/CN=Builtin
/DC=local/DC=contoso/DC=sav/CN=Builtinhttp://support.microsoft.com/kb/243330 is the MS article listing out the common SID numbers. S-1-5-32 is not listed by itself. What am I missing? There aren't any users to merge or reassign mailboxes for here are there?
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2009 9:37pm
I'm having the same issue as you with SID S-1-5-32 did you ever get an answer?
May 23rd, 2011 1:54pm
Likley the ramifications of the migration. Built in groups these can't be migrated by design, I'm not sure how you got duplicates. You can't arbitrarly create\reassign SIDs since you will loose SID history and can break ACE permissions access across your
environment. If there are duplicate SIDs that doesn't mean emails will get sent to different users who share SIDs. The SIDs are windows SIDS, mailboxes have GUIDS.
So basically do you have two unique users with their own mailboxes that have duplicate SIDS? Or is basically one account active and the other one is some random duplicate? James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2011 4:37pm
Unfortunately, although this may be a dead thread, I have not seen an explanation yet on the interweb so I believe that I must shed some light on this.
I ran into an issue on my network this past week that was showing the same SID and GUID and actually in fact everything on the "Additional Account Info" Tab. This had me quite worried until i recreated the issue and returned erratic results (Like MacLevin
Said, "This is weird"). From my experience with this i have gathered the following:
1. If multiple Account Properties windows are opened, THEN browsed to the Additional Account Info Tab, the SIDs and GUIDs will show as the same for both Users/Accounts.
2. If each Properties window is opened and browsed to the Additional Account Info Tab BEFORE opening a properties window for another User/Account, then the SIDs and GUIDs (and Logon/Password/Status properties) show correctly (or at least not duplicates).
Looks to me like a little bit of a bug in this part of the resource kit tools, but at least this workaround appears to produce the correct information if you use method number 2.
January 24th, 2012 1:41am