It takes more than 15 seconds to resolve a user name when you view an object's properties (815226)
The information in this article applies to:
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows XP Professional SP1
SYMPTOMSYou want to manage an object that has a discretionary access control list (DACL) and a system access control list (SACL). Examples of such objects are files, folders, registry keys, and printers. When you open the object properties to view the object's security, it may take more than 15 seconds to resolve the security identifier (SID) to a user name.CAUSEThis problem occurs because the DACL and the SACL contain a disabled user account. The domain member tries to resolve the user principal name (UPN) of a disabled user account for 15 seconds by using the Net Logon service.WORKAROUNDTo work around this problem, use one of the following methods: - Enable the user by using Active Directory Users and Computers.
- Delete the disabled user account from the DACL and the SACL. To delete the user account from the DACL, click the Security tab of the object properties dialog, and then click the Remove button for the user account. To delete the user account from the SACL, follow these steps:
- Click the Security tab of the object properties dialog.
- Click Advanced.
- Click the Auditing tab.
- Click the user account in the list, and then click Remove.
After you do this, you can delete the user by using Active Directory Users and Computers. If the user account is no longer required, you may also delete it by using a group.
STATUS
Microsoft is researching this problem and will post more information in this article when the information becomes available.
| Modification Type: | Major | Last Reviewed: | 5/5/2004 |
|---|
| Keywords: | kbprb KB815226 |
|---|
|