Skip to main content
All CollectionsKnowledge BaseEndpoint and SaaS AppsTroubleshooting - Endpoint and SaaS Apps
IMD token-based activation fails for AD user logged on to macOS
IMD token-based activation fails for AD user logged on to macOS
Updated over 10 months ago

This article applies to:

  • OS: macOS

  • Product edition: inSync Cloud

Problem description

inSync’s Integrated Mass Deployment (IMD) token-based activation fails on a macOS where the user has logged in using Active Directory credentials.

IMD activation fails with the below error:

[ERROR] Unable to get userinfo in active directory for user John, error 17664

Cause

Most likely the logged in user and the mapped user’s object GUID is not matching.

In most cases, the object GUID of the logged-in user fails to match with that of the mapped user.

Traceback

Following traceback can be found in the logs.

<code>
[ERROR] Unable to get userinfo in active directory for user John, error 17664
[INFO] IMD: objectSID=S-1-5-21-91837XXX0-26XXXXXX98-6XXXX7-2XX4, email=, massDeploy_ver=2
<code>

💡 Tip

The objectSID can be smaller than the above string, which indicates that the user is logged in with a local Mac account.


Resolution

  1. Run this command on the macOS to identify the object GUID:

    Macos-01:~ john$ dsmemberutil getsid -U
        S-1-5-21-918777XXX0-26XXXXXX98-8XXXX7-8XX4
  2. Compare the SID output with the SID of the user from Active Directory (Active Directory Users and Computers).

    To check the User SID via attribute editor on AD Server:

    1. Launch Active Directory Users and Computers.

    2. Click View > Advanced Features

    3. Scroll down to the user you want to know about and open the Properties.

    4. Click the Attribute Editor tab

    5. Scroll down to the ObjectSID attribute and compare the values.

  3. If the values fail to match, ask the user to login with the correct credentials or inquire with the IT administrator about the reason for which the SID was changed.

See also

Did this answer your question?