During a logon attempt, the user's security context accumulated too many security IDs

Server Fault Asked on November 24, 2021

From: https://support.microsoft.com/de-de/help/275266/error-message-during-a-logon-attempt-the-user-s-security-context-accum

Error message: During a logon attempt, the user’s security context accumulated too many security IDs

Cause
This behavior occurs because Windows systems contain a limit that prevents a user’s security access token from containing more than 1,000 security identifiers (SIDs). This means that when a user is being validated for access rights to establish a new session with a server, that user must not be a member of more than 1,000 groups in that server’s domain. If this limit is exceeded, access to the server is denied, and the error code 1384 is returned to the user.

The big question: how can I make the "1000" a little bit bigger, like "2000", on the Active Directory side?

One Answer

There actually is not a fixed size; the 1,000 is approximate. The number of bytes a group requires in a user token is determined by group type (universal/global/local) and if it is used for impersonation or not.

Windows Server 2012 introduced SID compression, so if you are already at that domain level, it is enabled, and the token size is set to the maximum size (64 kb), you need to remove some groups from the user account and most likely restructure the flawed design.

https://dirteam.com/sander/2013/04/05/new-features-in-active-directory-domain-services-in-windows-server-2012-part-21-resource-sid-compression/

Answered by Greg Askew on November 24, 2021
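
One way to measure how close an account is to the limits discussed above, as an added example that is not part of the original question or answer. It applies Microsoft's published estimate TokenSize = 1200 + 40d + 8s (not quoted on this page); the account name `jdoe` and the 900-SID warning threshold are assumptions.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TokenEstimate {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # tokenGroups is a constructed attribute holding the SIDs of all groups the
    # user belongs to, including nested (transitive) memberships.
    $user = Get-ADUser -Identity $SamAccountName -Properties tokenGroups, sIDHistory
    $userDomain = $user.SID.AccountDomainSid

    $d = @($user.sIDHistory).Count   # 40-byte entries; SID history counts here
    $s = 0                           # 8-byte entries
    foreach ($sid in $user.tokenGroups) {
        try {
            $group = Get-ADGroup -Identity $sid.Value -ErrorAction Stop
        } catch {
            $d++        # not resolvable on this DC: count at the larger size
            continue
        }
        # Domain local groups and universal groups from another domain cost 40 bytes;
        # global groups and universal groups in the user's own domain cost 8 bytes.
        $sameDomain = $group.SID.AccountDomainSid -eq $userDomain
        if ($group.GroupScope -eq 'DomainLocal' -or -not $sameDomain) { $d++ } else { $s++ }
    }

    # The real token also carries the user's own SID, well-known SIDs and local
    # groups on the target server, so the true SID count is somewhat higher.
    $sidCount = @($user.tokenGroups).Count + @($user.sIDHistory).Count
    $bytes    = 1200 + (40 * $d) + (8 * $s)

    [pscustomobject]@{
        Account        = $user.SamAccountName
        SidCount       = $sidCount
        NearSidLimit   = $sidCount -ge 900     # assumed warning threshold below 1,000
        EstimatedBytes = $bytes
        Exceeds64KB    = $bytes -ge 64KB
    }
}

Get-TokenEstimate -SamAccountName 'jdoe'       # 'jdoe' is a placeholder account
```

Run it against the accounts that report error 1384 first; a high `SidCount` with many 40-byte entries usually points to deep nesting of domain local groups or leftover SID history.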
