This article applies to:
OS: macOS
Product edition: inSync Cloud/On-Premise
Problem description
inSync’s token-based activation fails with the following error on macOS when the user is logged in with their Active Directory credentials.
Error: “[ERROR] Unable to get userinfo in active directory for user John, error 17664”
Cause
The Object GUID of the logged-in user does not match that of the mapped user.
Traceback
The following traceback can be found in the logs.
<code>
[ERROR] Unable to get userinfo in active directory for user John, error 17664
[INFO] IMD: objectSID=S-1-5-21-91837XXX0-26XXXXXX98-6XXXX7-2XX4, email=, massDeploy_ver=2
</code>
💡 Tip
The objectSID can be shorter than the string above, which indicates that the user is logged in with a local Mac account.
Resolution
Identify the object GUID on macOS using the following command:
Macos-01:~ john$ dsmemberutil getsid -U
S-1-5-21-918777XXX0-26XXXXXX98-8XXXX7-8XX4
Compare the SID output with the SID of the user in Active Directory (Active Directory Users and Computers).
To check the user SID via the Attribute Editor on the AD server, follow these steps:
Launch Active Directory Users and Computers.
Click View > Advanced Features.
Scroll down to the user you want to know about and open Properties.
Open the Attribute Editor tab.
Scroll down to the "ObjectSID" attribute.
Compare the SID from the ObjectSID attribute with the SID obtained by running the object GUID command. You may find that the SIDs do not match.
Advise the user to log in with the correct credentials, or ask the IT administrator to check why the user SID has changed.
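The comparison described in the steps above can be scripted. The following is an added example, not part of the original article and not Druva tooling; the function names, the sample log lines, the SIDs in them, and the log path placeholder are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not Druva code): compare SIDs gathered during troubleshooting.

# Constructed sample log lines; real logs carry the user's actual SID.
SAMPLE_LOG='[ERROR] Unable to get userinfo in active directory for user John, error 17664
[INFO] IMD: objectSID=S-1-5-21-1111111111-2222222222-333333333-1104, email=, massDeploy_ver=2'

# Print the objectSID from the last "objectSID=" log line read on stdin.
extract_logged_sid() {
    sed -n 's/.*objectSID=\(S-[0-9-]*\).*/\1/p' | tail -n 1
}

# Strip whitespace and carriage returns picked up when copying a SID.
normalize_sid() {
    printf '%s' "$1" | tr -d '[:space:]'
}

# Succeed only for a well-formed string SID (S-1-<authority>-<sub>...).
is_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'
}

# Compare two SIDs. Returns 0 on match, 1 on mismatch, 2 on malformed input.
check_sids() {
    a=$(normalize_sid "$1")
    b=$(normalize_sid "$2")
    for s in "$a" "$b"; do
        if ! is_sid "$s"; then
            echo "INVALID: '$s' is not a SID"
            return 2
        fi
    done
    if [ "$a" = "$b" ]; then
        echo "MATCH: $a"
        return 0
    fi
    echo "MISMATCH: $a != $b"
    return 1
}

# Usage on the Mac, with the second value copied from the ObjectSID attribute
# (the log path is a placeholder):
#   check_sids "$(dsmemberutil getsid -U "$USER")" "<ObjectSID from AD>"
#   check_sids "$(extract_logged_sid < /path/to/inSync.log)" "<ObjectSID from AD>"
```

A return code of 2 flags a value that is not a complete SID, such as a masked or truncated string pasted from a ticket.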