Looking at the permissions on some network folders on the network I have just taken responsibility for, quite a few have accounts like 

with full control.


I seem to recall that this usually means that the account is from a domain other than the "main" domain (there are two domains on the physical network).

Is there a way of identifying what these accounts are?


It basically means that the server this file/folder is stored on cannot resolve the SID to an account name. The way an ACL on a file/folder works is that it stores the unique Security ID (SID) of the users and groups that you have assigned permissions to, then when a user tries to access that file Windows compares the user's SID to the SIDs in the ACL and grants or denies permission based on that. The reason it doesn't just use usernames or display names is because they can change (i.e. you can rename a user or change their username) but their SID never changes. You wouldn't want a user to lose access to everything just because you had to change their username, so using a unique ID that never changes is much better.

So when you pull up the permissions ACL on a file/folder, Windows has to translate those SIDs in the ACL to a friendly display name that you can understand. For anyone interested in the technical details, it does this by using the LookupAccountSid function, which searches all known domains for the SID and retrieves the name of the domain that the SID is from and the username of the user account that the SID represents.


So that is the process that is failing when you see the SID instead of an account name, and the most common reason for this is that the account no longer exists - if you create a user account and assign it permission to access a folder, then delete that user account, you will see this. The other possible reason is because the account could be from another domain that your file server (or whichever server the folder is stored on) cannot communicate with at this time. The network connection to the other domain could be down, the domain trust could be broken, etc etc.

Also, a bit of a self plug here, but if you want to find all instances of these unresolvable SIDs on your file server, you could use my NTFS Permissions Reporter tool: http://cjwdev.co.uk/Software/NtfsReports/Info.html The free version will let you just report all permissions on the share, but the standard edition will let you use filters to find specific permissions such as only showing unresolvable SIDs like in your case.
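
A scripted way to run the check described in the answer above, as an added example that is not part of the original thread and is not the answerer's tool. It lists explicit ACL entries whose SID will not resolve and reports whether the SID's domain portion matches the "main" domain. The path `D:\Shares` is a placeholder, and the script assumes it is run under an account in the main domain.

```powershell
# Added example (not from the original thread). $Root is a placeholder path.
param([string]$Root = 'D:\Shares')

# Assumption: the script runs under an account in the "main" domain, so the
# caller's own domain SID can stand in for that domain's SID.
$mainDomainSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.AccountDomainSid

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    # Explicit (non-inherited) entries only, returned as raw SIDs so that
    # nothing is resolved to a name implicitly.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try {
            # Resolve SID -> DOMAIN\name; throws if no account maps to the SID.
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            $domainSid = $sid.AccountDomainSid   # $null unless the SID is S-1-5-21-...
            [pscustomobject]@{
                Path       = $folder.FullName
                Sid        = $sid.Value
                DomainSid  = "$domainSid"
                # True  -> issued by the main domain, so the account was most likely deleted.
                # False -> issued by another domain or a local machine account database.
                MainDomain = ($null -ne $domainSid -and $domainSid.Equals($mainDomainSid))
                Rights     = $rule.FileSystemRights
                Access     = $rule.AccessControlType
            }
        }
    }
}
```

Entries with `MainDomain` set to `False` are the ones to check against the second domain or its trust before removing anything, since they may resolve again once that domain is reachable.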