Active Directory Users and Computers security issue

Anonymous
2024-04-18T21:36:34+00:00

When I go to the user properties in AD and click on the Security tab, I see lots of unknown accounts followed by a bunch of numbers.

For example: Account Unknown(S-1-5-21-17288237615-122927721-11772389

I understand that these may be permissions for services or applications that are no longer in use. But when I try to remove these unknown accounts, I get an error: You can't remove Account Unknown because this object is inheriting permissions from its parent.

I have 2 questions:

How can I find out the parent for these objects?

Is it okay to remove inheritance so I can remove these unknown accounts and then enable inheritance again?

Thanks in advance for your help.

Windows Server Identity and access Active Directory



1 answer

  1. Anonymous
    2024-04-19T06:54:17+00:00

    Hi Karim Boroumand1,

    Thank you for posting in the Microsoft Community Forums.

    In Active Directory, you may encounter some unknown accounts with SIDs in the format "S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxx" when you browse through user properties and click on the Security tab. These unknown accounts typically fall into one of the following categories:

    1. Deleted or Moved Objects: You might see some unknown accounts that represent objects that have been deleted or moved. These objects' SIDs exist in permission assignments but do not correspond to existing users or groups. This could occur because the object was deleted but permissions were not updated or because the object was moved to another location, but permissions were not updated accordingly.
    2. External Objects: Sometimes, you may encounter unknown accounts with SIDs from other domains or external systems that your current domain cannot resolve. These external accounts often appear in Active Directory as SID values.
    3. System Built-in Accounts: Certain system built-in accounts might also appear as unknown accounts, especially in special circumstances such as domain controller upgrades or migrations.

    It is not recommended that you delete objects of this form; considering the circumstances of your environment, there are many unknown accounts, which may be followed by continued use.

    Best regards

    Neuvi Jiang

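One way to answer the first question (which parent container an inherited "Account Unknown" ACE is defined on) is to list the ACEs whose SID no longer resolves and walk up the object's ancestor containers until one carries the same SID as a non-inherited entry. This is an added, read-only PowerShell example, not part of the original thread; it assumes the RSAT ActiveDirectory module on a domain-joined machine, and the DN in the usage line is a placeholder.

```powershell
# Added example (not from the thread): report unresolvable ("Account Unknown") ACEs on one
# AD object and locate the ancestor that defines each inherited one. Changes nothing.
Import-Module ActiveDirectory

function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    try { [void]$Sid.Translate([System.Security.Principal.NTAccount]); $true } catch { $false }
}

function Get-ParentDn {
    param([string]$DistinguishedName)
    # ADSI .Parent handles escaped commas in RDNs, unlike naive string splitting.
    $parent = ([ADSI]"LDAP://$DistinguishedName").Parent
    if ($parent) { [string]$parent.distinguishedName } else { $null }
}

function Get-OrphanedAce {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $domainDn = (Get-ADDomain).DistinguishedName
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    # Request SIDs explicitly so unresolvable trustees are returned as raw SIDs, not masked.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        if (Test-SidResolves $sid) { continue }      # resolves to an account: not an orphan
        $source = $DistinguishedName                 # non-inherited ACE is set on the object itself
        if ($rule.IsInherited) {
            # Walk up the tree until an ancestor holds this SID as an explicit (non-inherited) ACE.
            $source = $null
            $dn = Get-ParentDn $DistinguishedName
            while ($dn) {
                $explicit = (Get-Acl -Path "AD:\$dn").GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
                if ($explicit | Where-Object { $_.IdentityReference -eq $sid }) { $source = $dn; break }
                if ($dn -eq $domainDn) { break }     # reached the domain root; stop walking
                $dn = Get-ParentDn $dn
            }
        }
        if (-not $source) { $source = 'not found on any ancestor' }
        [pscustomobject]@{
            Object      = $DistinguishedName
            Sid         = $sid.Value
            Rights      = $rule.ActiveDirectoryRights
            Type        = $rule.AccessControlType
            IsInherited = $rule.IsInherited
            DefinedOn   = $source
        }
    }
}
# Usage (placeholder DN): Get-OrphanedAce 'CN=Some User,OU=Staff,DC=corp,DC=example,DC=com' | Format-Table -AutoSize
```

The DefinedOn column names the container whose ACL actually has to be edited; cleaning it there avoids breaking inheritance on each child object.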