This article applies to:
OS: macOS
Product edition: inSync Cloud
Problem description
inSync’s Integrated Mass Deployment (IMD) token-based activation fails on a macOS where the user has logged in using Active Directory credentials.
IMD activation fails with the below error:
[ERROR] Unable to get userinfo in active directory for user John, error 17664
Cause
Most likely the logged in user and the mapped user’s object GUID is not matching.
In most cases, the object GUID of the logged-in user fails to match with that of the mapped user.
Traceback
Following traceback can be found in the logs.
<code> [ERROR] Unable to get userinfo in active directory for user John, error 17664 [INFO] IMD: objectSID=S-1-5-21-91837XXX0-26XXXXXX98-6XXXX7-2XX4, email=, massDeploy_ver=2 <code>
💡 Tip
The objectSID can be smaller than the above string, which indicates that the user is logged in with a local Mac account.
Resolution
Run this command on the macOS to identify the object GUID:
Macos-01:~ john$ dsmemberutil getsid -U S-1-5-21-918777XXX0-26XXXXXX98-8XXXX7-8XX4Compare the SID output with the SID of the user from Active Directory (Active Directory Users and Computers).
To check the User SID via attribute editor on AD Server:Launch Active Directory Users and Computers.
Click View > Advanced Features
Scroll down to the user you want to know about and open the Properties.
Click the Attribute Editor tab
Scroll down to the ObjectSID attribute and compare the values.
If the values fail to match, ask the user to login with the correct credentials or inquire with the IT administrator about the reason for which the SID was changed.