Hey guys, need some major help here. We have a 10-server farm, each running Windows 2000 Server. We have 1 PDC that went down and we still have a fully functional BDC. The PDC went down a couple weeks ago and just this week one of our member servers (only running one application and SQL 2000) stopped resolving user names to give them access to that share. For example, we have one folder that has all documents in it and we need everyone in the co. to access it. When I right click on the folder, do the properties thing and go to the security tab, I try to add users to that tab to give them any kind of access; their name shows up correctly until I click apply, then it has trouble resolving the name and reverts it back to just a long number starting with "S" at the beginning. It just looks like some kind of ID. Seems that something happened with DNS, security, AD, we just can't locate the problem. Again, running Windows 2000 SP4 with SQL 2000 on it and this is the only server it's happening to. Please help! Thanks guys!

One more thing, it's not just happening on folders, it's anything that has security on it. If I go to manage my computer, and in users and groups I go to any group in there and add someone, it will do the exact same thing.


You have a breakdown of the Domain happening. The long S numbers are the SID numbers, or Security ID.

You mentioned that your PDC went down... Windows 2000 no longer uses the concept of PDC and BDC, unless you are working with older clients such as Win95 / Win98.

There are a couple things that work with the first domain controller installed on the network... things that keep the global catalog functioning, and a couple other Active Directory housekeeping things.

I would bet that your network is using cached information, and it is expiring. I wonder why you didn't rebuild the PDC that went down, or at least run DCPROMO to properly decommission it. If that box is available, plug her in, and get it going. But if you are looking at a virus situation (you didn't elaborate why the PDC went down), you will need to repair that first.

Good Luck and let us know.


I figured as much that the long number with the S was the SID, I just wasn't sure. The reason the PDC went down is just because it was an old machine that crapped on us once and we got it back up; this time the hard drive was not recoverable, and that's why we have the BDC, because we knew we had a bad server and we needed a backup. So the BDC is doing everything the PDC did when it was up, the global catalog is on it, AD is fully functional. Security on this application server was working when the PDC went down. What happened was when security was being comprised a couple days ago on a folder (which should not have been happening on a production server during the day, don't ask, heh) users were being removed and added and given certain rights, the server froze up for a few minutes while that was happening, and now only local names can be added to the security and it's happening everywhere on that server. And it's not giving us an error; if you put the name in, click apply, it just reverts back to the SID.... If I go to add domain users to certain groups when I go to manage my computer, same thing. So something broke in the process of comprising security for users on one folder. The PDC is going up in another week, but I want to know if there's a fix in the interim while the PDC is down. Thanks!

Sorry, I meant to say the security was being modified, not comprised....