SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account
What does the SID resolve to? You can use LDP.EXE to resolve the SID to a security principal. I'm not sure whether the SACL Watcher checks the effective rights on the DCs or simply checks the DDP settings. I suspect the former. Do you maybe have another (new?) policy applied to the DCs that changes this setting? You could also try running DOMAINPREP again to see if that fixes the issue.
Alexei
August 21st, 2012 4:02pm

You can also use the tool PsGetsid to translate SIDs to their display name. Then go to Group Policy Management > Default Domain Controllers Policy > Group Policy Management Editor > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policy > User Rights Assignment, and add the group to the Manage auditing and security log Properties. In addition, here is another post for reference. Hope this helps.
Noya Lau
TechNet Community Support
August 22nd, 2012 6:51am
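
Added example, not part of any post in this thread: a PowerShell check, run elevated on a domain controller, that resolves the SID from the event and lists which principals hold SeSecurityPrivilege in effect on that DC, which is the comparison the replies above suggest. The function names and the temp file name are assumptions of this example.

```powershell
# Run in an elevated PowerShell session on a domain controller.
# SID copied from the Event ID 6006 text quoted in this thread.
$sid = 'S-1-5-21-1844404272-1730432442-2099212325-5411'

function Resolve-SidName {              # hypothetical helper name
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        '<unresolved>'                  # deleted principal or unreachable domain
    }
}

function Get-PrivilegeHolders {         # hypothetical helper name
    param([string]$Privilege)
    $cfg = Join-Path $env:TEMP 'user-rights.inf'   # assumed scratch file
    # Export the user rights currently in effect on this machine.
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    try {
        $line = Get-Content $cfg | Where-Object { $_ -match "^$Privilege\s*=" }
        if (-not $line) { return }
        # Entries are comma separated; SIDs carry a leading '*'.
        ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') } |
            Where-Object { $_ }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-PrivilegeHolders -Privilege 'SeSecurityPrivilege')
"Event SID resolves to: $(Resolve-SidName $sid)"
foreach ($h in $holders) {
    $name = if ($h -like 'S-1-*') { Resolve-SidName $h } else { $h }
    '{0,-50} {1}' -f $h, $name
}
if ($holders -contains $sid) {
    'The SID holds SeSecurityPrivilege on this DC.'
} else {
    'The SID is not listed directly; check its group memberships and which GPO applies (gpresult /h report.html).'
}
```

If the SID is absent here but the group is present in the Default Domain Controllers Policy, another policy is likely overriding the setting on that DC.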

I am getting the following error on my Exchange 2010 SP2 server: Event ID 6006, "SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-1844404272-1730432442-2099212325-5411". The suggestion is to add the Domain\Exchange Servers group to the Manage auditing and security log user right on the Default Domain Controllers Policy. It is already there. Any other thoughts to resolve the error? The error just appeared last week; the server has been running Exchange SP2 for two months with no issues.
August 25th, 2012 2:16pm

Hi, I got that error on two Exchange 2010 SP2 servers after two Domain Controllers had been decommissioned. A restart of the service MSExchangeADTopology got rid of that annoying error.
Martina Miskovic
August 25th, 2012 3:41pm

This topic is archived. No further replies will be accepted.
