7,925 questions
Eventid 16 RBAC authorization returns Access Denied for user. Reason: User was not found on Domain Controller
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 20%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tasos Sardelis
51
Reputation points
We have 2 separate AD Forests with 2 way trust Relationship between them. On the first domain (abc.com) we have an Exchange 2019 Server and we get Event id 16 error all the time. The error details are:
(Process w3wp.exe, PID 12272) "RBAC authorization returns Access Denied for user S-1-5-21-1234567890 -2355112122-2581322307-16572 (SID=S-1-5-21-1234567890 -2355112122-2581322307-16572). Reason: User was not found on Domain Controller dc.abc.com".
If I translate the SID to user it returns a username on the 2nd Forest (xyz.com) susch as xyz\user.
I have searched the entire abc.com domain and the above user is nowhere present (of course). Also on the Exchange admin roles no such user is present, actually only AD groups are members of the roles.
How can I find where this error is generated to stop it?'
How the SID of the other domain is appeared when it is nowhere in the domain in scope?
Exchange | Exchange Server | Management
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Kael Yao 37,746 Reputation points Moderator2021-12-06T05:51:44.37+00:00 I tested in my lab and found that if using remote powershell to connect to the Exchange server with the credentials, an event 16 would be generated.
Would it be possible that there are some scripts running with the user's credentials? -
Tasos Sardelis 51 Reputation points
2021-12-07T09:39:05.067+00:00 Hello KaelYao,
Thanks for the response and the effort to test the scenario. I will ask\search the user for any scripts he may run, willingly or not and I'll report back to you.
-
Kael Yao 37,746 Reputation points Moderator
2021-12-10T08:29:01.7+00:00 Hi,
If any update on this issue,please feel free to post back.
Did the issue get resolved?
Sign in to comment
Sign in to answer