How to remove a “No mapping between account names and security IDs was done” error

Case 1:
This pertains to a domain-joined account on a domain-joined computer. These legacy commands (not PowerShell) have been in my quick-fix toolbox in the past:
 
– Run FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
– Run RSOP.msc to verify the result above
– Edit Gpttmpl.inf from this location:
C:\WINDOWS\SYSVOL\sysvol\hooli.com\Policies\{CCA9638D-415E-4C7E-86B6-F4EE3E195303}\Machine\Microsoft\Windows NT\SecEdit\Gpttmpl.inf
– Delete the SID entry that was orphaned / mismapped
– Recompile RSOP from MMC (run as Admin)
– Delete entries from %SYSTEMROOT%\Security\Logs\winlogon.log that reference the old accounts
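
The check behind Case 1, as an added example that is not part of the original post: it parses the [Privilege Rights] section of a Gpttmpl.inf and lists the entries that no longer resolve, so you know which line to delete. The inline template, the account HOOLI\svc-removed, the S-1-5-21 SID and both function names are constructed for illustration; feed it the real file with Get-Content instead of $sampleInf.

```powershell
# Added example: list [Privilege Rights] entries in a Gpttmpl.inf that no longer resolve.
# $sampleInf is constructed data; the account name and the S-1-5-21 SID are placeholders.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeServiceLogonRight = HOOLI\svc-removed,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
'@

function Get-PrivilegeRightsEntry {
    # Hypothetical helper: one object per right/principal pair in [Privilege Rights].
    param([string[]]$Lines)
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if (-not $inSection -or $text -notmatch '^(\w+)\s*=\s*(.+)$') { continue }
        $right = $Matches[1]
        foreach ($principal in ($Matches[2] -split ',')) {
            $p = $principal.Trim()
            if ($p) { [pscustomobject]@{ Right = $right; Principal = $p } }
        }
    }
}

function Test-PrincipalMapping {
    # Hypothetical helper: '*S-1-...' entries are SIDs, anything else is an account name.
    param([string]$Principal)
    try {
        if ($Principal.StartsWith('*')) {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($Principal.TrimStart('*'))
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        } else {
            $account = [System.Security.Principal.NTAccount]::new($Principal)
            $null = $account.Translate([System.Security.Principal.SecurityIdentifier])
        }
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Only an unmapped identity counts as orphaned; other errors (for example an
        # unreachable domain controller) are left to surface to the caller.
        return $false
    }
}

Get-PrivilegeRightsEntry -Lines ($sampleInf -split '\r?\n') |
    Where-Object { -not (Test-PrincipalMapping $_.Principal) } |
    Format-Table Right, Principal -AutoSize
```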

Case 2:

Another possible cause of this error is an old user name (with a unique SID) that was deleted while still in use by the system. A corrupted user profile is another trigger. In either event, the account has been orphaned and requires a rebuild. Here’s how to do that:

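# Run these in PowerShell as Administrator (not as a regular user)

# Change these variables
$oldUserFolder='C:\Users\olduser'
$newUserFolder='C:\Users\newuser'

# Perform the copy, skipping the registry hive files that belong to the old profile
$fileNamesToSkip=@(
    'Ntuser.dat',
    'Ntuser.dat.log',
    'Ntuser.ini'
)
# Enumerate top-level items only: Copy-Item -Recurse walks each folder itself, so
# recursing here as well would flatten nested files into the root of the new profile
$oldUserFilesToCopy=Get-ChildItem $oldUserFolder -Force -ErrorAction Ignore | Where-Object {$_.Name -notin $fileNamesToSkip}
$oldUserFilesToCopy | Copy-Item -Destination $newUserFolder -Recurse -Force -ErrorAction Ignore

# Reboot
Restart-Computer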

2 thoughts on “How to remove a “No mapping between account names and security IDs was done” error”

  1. C:\Users\admin>find /I “Cannot find” %SYSTEMROOT%\Security\Logs\winlogon.log
    FIND: Parameter format not correct

    1. Hi OSEarth, WordPress transposes the double quote in normal display mode. I’ve set the cmdlet lines as ‘code’ so that the ASCII char for double quotes is retained.
