Druva Documentation

IMD token-based activation fails for AD user logged on to macOS

This article applies to:

  • OS: macOS
  • Product edition: inSync Cloud

Problem description

inSync’s Integrated Mass Deployment (IMD) token-based activation fails on a Mac where the user has logged in with Active Directory credentials.

IMD activation fails with the following error:

[ERROR] Unable to get userinfo in active directory for user John, error 17664

Cause

In most cases, the object GUID of the logged-in user does not match that of the mapped user.

Traceback

The following traceback can be found in the logs:

    [ERROR] Unable to get userinfo in active directory for user John, error 17664
    [INFO] IMD: objectSID=S-1-5-21-91837XXX0-26XXXXXX98-6XXXX7-2XX4, email=, massDeploy_ver=2

The objectSID can be shorter than the string above, which indicates that the user is logged in with a local Mac account.

Resolution

  1. Run this command on the Mac to identify the object GUID:

    Macos-01:~ john$ dsmemberutil getsid -U
    S-1-5-21-918777XXX0-26XXXXXX98-8XXXX7-8XX4

  2. Compare the SID output with the SID of the user in Active Directory (Active Directory Users and Computers).

    To check the user's SID in the Attribute Editor on the AD server:
    1. Launch Active Directory Users and Computers.
    2. Click View > Advanced Features.
    3. Scroll down to the user you want to check and open Properties.
    4. Click the Attribute Editor tab.
    5. Scroll down to the ObjectSID attribute and compare the values.
  3. If the values do not match, ask the user to log in with the correct credentials, or ask the IT administrator why the SID was changed.
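
The comparison in the steps above, as an added example (not Druva's code): a shell helper that pulls the objectSID from a log line in the format shown under Traceback and reports how it differs from the SID copied from the Attribute Editor. All function names, verdict strings and SID values are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and SID values below are constructed, not from Druva.

# Constructed log lines in the format shown under Traceback.
SAMPLE_LOG='[ERROR] Unable to get userinfo in active directory for user John, error 17664
[INFO] IMD: objectSID=S-1-5-21-1111111111-2222222222-3333333333-1104, email=, massDeploy_ver=2'

# Read log text on stdin; print the objectSID from the last IMD line.
extract_imd_sid() {
    sed -n 's/.*IMD: objectSID=\(S-[0-9-]*\),.*/\1/p' | tail -n 1
}

# Succeed if the SID has the AD account shape S-1-5-21-<3 domain parts>-<RID>.
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$'
}

# Print the domain portion of a SID (everything before the final RID).
domain_part() {
    printf '%s\n' "${1%-*}"
}

# compare_sids <SID seen on the Mac> <objectSID copied from the Attribute Editor>
# Prints one verdict: match, not-domain-sid, different-domain or different-rid.
compare_sids() {
    mac_sid=$1
    ad_sid=$2
    if ! is_domain_sid "$mac_sid"; then
        echo not-domain-sid      # the "shorter objectSID" case: not an AD account SID
    elif [ "$mac_sid" = "$ad_sid" ]; then
        echo match
    elif [ "$(domain_part "$mac_sid")" != "$(domain_part "$ad_sid")" ]; then
        echo different-domain    # domain identifier differs
    else
        echo different-rid       # same domain, different user object
    fi
}

# Demo on the constructed log: the AD value here has a different RID.
logged_sid=$(printf '%s\n' "$SAMPLE_LOG" | extract_imd_sid)
compare_sids "$logged_sid" "S-1-5-21-1111111111-2222222222-3333333333-2210"
```

A `different-rid` or `different-domain` verdict corresponds to step 3: the logged-in account is not the user object that was mapped.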