IMD token-based activation fails for AD user logged on macOS
Updated over 9 months ago

This article applies to:

  • OS: macOS

  • Product edition: inSync Cloud/On-Premise

Problem description

inSync’s token-based activation fails with the following error on macOS when the user is logged in with their Active Directory credentials.

Error: “[ERROR] Unable to get userinfo in active directory for user John, error 17664”

Cause

The Object GUID of the logged-in user does not match that of the mapped user.

Traceback

The following traceback can be found in the logs.

<code>
[ERROR] Unable to get userinfo in active directory for user John, error 17664
[INFO] IMD: objectSID=S-1-5-21-91837XXX0-26XXXXXX98-6XXXX7-2XX4, email=, massDeploy_ver=2
</code>

💡 Tip

The objectSID can be shorter than the string above, which indicates that the user is logged in with a local Mac account.


Resolution

  1. Identify the object GUID on macOS using the following command:
    Macos-01:~ john$ dsmemberutil getsid -U john
    S-1-5-21-918777XXX0-26XXXXXX98-8XXXX7-8XX4

  2. Compare the SID output with the SID of the user in Active Directory (Active Directory Users and Computers).
    To check the user SID via the Attribute Editor on the AD server, follow these steps:

    1. Launch Active Directory Users and Computers.

    2. Click View > Advanced Features.

    3. Scroll down to the user you want to know about and open the Properties.

    4. Open the Attribute Editor tab.

    5. Scroll down to the "ObjectSID" attribute.

    6. After comparing the SIDs, you may find that they do not match.

    7. Compare the SID from ObjectSID and the SID obtained after running the object GUID command. You may find that the SIDs do not match.

  3. Advise the user to log in with the correct credentials or ask the IT administrator to check why the user SID has changed.
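
The comparison in steps 1 and 2 can be scripted so that whitespace or case differences picked up while copying a SID do not hide or fake a mismatch. This is an added example, not Druva's own tooling; the function names and the sample log line are constructed, and the AD-side SID is assumed to be copied by hand from the Attribute Editor.

```shell
#!/bin/sh
# Constructed sample line in the format of the IMD log entry shown above.
SAMPLE_LOG='[INFO] IMD: objectSID=S-1-5-21-1111111111-2222222222-3333333333-1104, email=, massDeploy_ver=2'

# Print the objectSID value found in an IMD log line (prints nothing if absent).
sid_from_log() {
    printf '%s\n' "$1" | sed -n 's/.*objectSID=\([^,[:space:]]*\).*/\1/p'
}

# Succeed only if the argument is a syntactically valid SID string.
# Masked values (with X placeholders) are rejected on purpose.
is_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'
}

# Strip whitespace and upper-case the leading "S" so copies compare cleanly.
normalize_sid() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Compare two SIDs. Prints MATCH, MISMATCH or INVALID; returns 0, 1 or 2.
compare_sids() {
    a=$(normalize_sid "$1")
    b=$(normalize_sid "$2")
    if ! is_sid "$a" || ! is_sid "$b"; then
        echo INVALID
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo MATCH
        return 0
    fi
    echo MISMATCH
    return 1
}

# macOS only: SID of the given user as the Mac resolves it (step 1).
local_sid() {
    dsmemberutil getsid -U "$1"
}

# Usage on the affected Mac (AD_SID pasted from the ObjectSID attribute):
#   compare_sids "$(local_sid john)" "$AD_SID"
#   compare_sids "$(sid_from_log "$LOG_LINE")" "$AD_SID"
```

A MISMATCH result corresponds to the condition described under Cause; INVALID means one of the values is not a complete SID, for example a masked or truncated copy.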
