Identify and delete unresolved SIDs

Background / Value

SIDs (Security Identifiers) are character strings that are used to identify user and group accounts in Active Directory. SIDs become unresolved when users or groups with direct access rights on file servers are deleted in AD.

By using unresolved SIDs insider threats can gain access to sensitive resources. ARM clearly identifies unresolved SIDs in your system allowing you to delete them.

 

Related features

Remove unresolved SIDs in bulk (web client)

 

Step-by-step process

  1. Select "Dashboard".
  2. Click on "Unresolved SIDs".

 

  1. Enter a title for the report and add a comment.
  2. Define the range of the report.
  3. Define the desired report settings.
  4. Start the report.

 

Open the report in your spreadsheet application.

  1. Switch to the file server tab.
  2. All unresolved SIDs are listed in the report.

 

  1. Select "Resources".
  2. Select an affected directory.
  3. Right-click on the directory and select "Modify access rights..." from the context menu.

 

  1. Right-click the unresolved SID.
  2. Select "Remove" from the context menu.
  3. Click "Apply".

 

  1. ARM lists all planned changes.
  2. You must enter a comment.
  3. Start the process.