Microsoft KB Archive/815226

= It takes more than 15 seconds to resolve a user name when you view an object's properties =

Article ID: 815226

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows XP Professional

-





SYMPTOMS
You want to manage an object that has a discretionary access control list (DACL) and a system access control list (SACL). Examples of such objects are files, folders, registry keys, and printers. When you open the object properties to view the object's security, it may take more than 15 seconds to resolve the security identifier (SID) to a user name.



CAUSE
This problem occurs because the DACL and the SACL contain a disabled user account. The domain member tries to resolve the user principal name (UPN) of a disabled user account for 15 seconds by using the Net Logon service.



WORKAROUND
To work around this problem, use one of the following methods:  Enable the user by using Active Directory Users and Computers. Delete the disabled user account from the DACL and the SACL. To delete the user account from the DACL, click the Security tab of the object properties dialog, and then click the Remove button for the user account. To delete the user account from the SACL, follow these steps:  Click the Security tab of the object properties dialog. Click Advanced. Click the Auditing tab. Click the user account in the list, and then click Remove.</li></ol>

After you do this, you can delete the user by using Active Directory Users and Computers. If the user account is no longer required, you may also delete it by using a group.</li></ol>

<div class="status_section">

STATUS
Microsoft is researching this problem and will post more information in this article when the information becomes available.

<div class="moreinformation_section">

MORE INFORMATION
When you are experiencing this problem, and you use Network Monitor to capture network statistics, you see that the client sends multiple Net Logon frames to domain controllers that contain the user name, and the response contains the 0x0019 operation code. This operation code means LOGON_SAM_USER_UNKNOWN_EX.

For additional information about how to use Network Monitor to capture network statistics, click the following article number to view the article in the Microsoft Knowledge Base:

148942 How to capture network traffic with Network Monitor

Keywords: kbprb KB815226

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.