Question : Windows 2008 R2 cannot resolve SIDs

Brand new IBM x3650 M2 server, loaded, running Windows 2008 R2 64. Currently our domain is in Windows 2000 Native mode until the DC's are upgraded later this year. 25+ servers, mostly 2k3, some 2000, all working fine/normal. When looking at the local Administrators group as well as the local Users goup on the 2k8r2 server, I can see our domain policy apply the restricted groups setting to this system, however the only thing that will show up are the SIDs for those groups. I can add an individual domain user and it'll show up as domainname\user as I would expect, and local groups/user show up fine, it's only the domain groups that are having an issue. If I try to add a group that matches the SID, it does recognize that the group is already added and will not re-add it. One other symptom I've noticed on this server which may or may not be related is that I'm trying to get our networking monitor app service to start with a user account that has domain admin credentials, and no matter the format of the user name, and I am using the correct password, it keeps saying that the username / password is invalid.

Also, almost anyplace I can look up domain groups, all that will show up are the sids for those domain groups. I can look at network share permissions and those show the groups as they should. Also, when running a whoami /all, any domain groups that I'm a member of show up as "unknown SID type"

Things I have tried:

System has been reloaded three times to ensure process of elimination is complete
UAC has been disabled
Firewall service has been shut down
Have tried with all IBM drivers loaded as well as with nothing loaded but what Windows loads
AD Shema has been updated to the latest version
Have attempted to run NetDiag from 2k3r2 but it bombs out partway through
Attemped to look at local policies but apparently I'm not totally up to speed in this area vs. 2000 and 2k3

I think I'm probalby missing some other things I've tried but that's pretty close to everything. I'm curious if I'm missing some obvious step that I should have performed before joining 2k8r2 to a 2000 native mode domain...but haven't been able to find anything regarding that.

If anyone has any ideas/pointers please feel free!!! We're getting pretty close to falling back and running this server with 2003 R2.

Matt

Answer : Windows 2008 R2 cannot resolve SIDs

Turns out this is a known issue, according to a Microsoft forum moderator who is also a Microsoft employee. He says the design team is aware of this and working on an update to resolve this. Other than not displaying the friendly name it appears no functionality is lost.
Thanks!
Matt

Random Solutions

Connect to remote MSDE with Enterprise Manager?

outlook 2003 archiving and roaming users exchange 2003

CAST DATETIME2 to DATETIME

Compiler Error Message: CS1012: Too many characters in character literal

How to customize a GUID creation function

Changing default View in Outlook and Word 2007

word 2003, the password is forgotten, how open the document

How do i block port 25 on my vista laptop?

Subscription licences

Duplicating a record in an MS Access Database