No mapping between account names and security IDs was don - by Saygin

Status : 


Sign in
to vote
ID 355414 Comments
Status Active Workarounds
Type Bug Repros 11
Opened 7/8/2008 12:37:09 PM
Access Restriction Public


I get this error message during AS deployment.
"The following system error occurred:  No mapping between account names and security IDs was done. ."
I deployed before. There is no more detail. I do not know where I look and what is the reason of this error?
Sign in to post a comment.
Posted by RBoxall on 4/29/2014 at 10:05 PM
Here's another reason to learn PowerShell this year.

I found I could use the "add-rolemember" cmdlet that comes with the "sqlascmdlets" module in SQL Server 2012.
I've got a list of usernames in the format "domain\user", which I actually get using a SQL query to our CRM system.
I put this list in a $logins variable, and then loop though that adding each user in turn. The cmdlet appears to resolve the SID for each user as they are added.
Because this fails if a user does not exist in AD, I simply add -erroraction "SilentlyContinue" to skip those users.

#import required modules
import-module sqlascmdlets
$Servername = "Your SSAS Server"
$dbName = "Your SSAS Database"
$RoleName = "Your SSAS Database Role"
$logins = <#get the list of logins here#>
$logins | foreach-object {add-rolemember -MemberName $_ -Server $ServerName -Database $dbName -RoleName $Rolename -erroraction "SilentlyContinue"}

Using this and some AMO, it's easy to write a script that cleans up every role in every database on the Analysis Server by removing every role member and then adding them again.

import-module sqlascmdlets
$servername = "Your SSAS Server"
$svr = new-Object Microsoft.AnalysisServices.Server
#for each database on the server
$dbs = $svr.databases
foreach($db in $dbs){
    write-host "Database: $db"
    #for each role in that database
    $roles = $db.roles
    foreach($role in $roles){
        write-host "Role: $role"
        #for each member of that role
        $members = $role.members
        foreach($member in $members) {
            #get their name
            $membername = $member.Name
            write-host "Member: $membername"
            #remove the role member
            Remove-RoleMember -Database $db.Name -RoleName $role.Name -MemberName $membername
            #add the role member again
            Add-RoleMember -Database $db.Name -Rolename $role.Name -MemberName $membername -erroraction "SilentlyContinue"
Posted by Bo Bjerge Jørgensen on 3/7/2014 at 4:48 AM
So this error is so annoying when you have a ssas db with a lot of roles and a lot of members. So some AD admin did some restucture and you cannot deploy your cube. Found out to go like this: In BIDS solution explorer right click roles, select Roles Report..., wait for the potential big report, save as Excel (my way) or PDF for documentation, seach all workbook for text 'invalid', and here you go, all invalid references exposed, then just hard work to correct all affected roles, and you can deploy, at least I could ;O)
Posted by Bob Zhao on 1/21/2013 at 12:22 PM
Today, I might catch the reason why you guys hardly track this issue.
My desktop is in domain, I use SSMS to add new admins(not me, I am admin for win server, SQL, AS, Desktop ), see a lot of GUID in list. Get the same error.
While I log on the Server remotely and use server's SSMS to do the same action, I can see the normal domain user list there.
Wish this could be helpful.
Posted by Sujeet Saha on 12/28/2010 at 5:37 AM
Issue: "No mapping between account names and security IDs was done" error is coming while adding users in a role in SQL Server Analysis Services cube.

I was trying to add some users in SQL Server 2008 Analysis Services - Role Membership section. I was adding valid domain users but still it was not adding the users and throwing an error as - "No mapping between account names and security IDs was done". And the solution is - I found few users were already existing in the role membership which no longer existed in the domain and that's why when I was trying to add an user, it was trying to validate all the listed users and throwing error. I deleted the listed non-existing users and then tried to add the domain user again. This time it worked !! For more solutions, click on Thanks.
Posted by NilsRottgardt on 5/21/2010 at 11:13 AM
Why it is not possible to update the roles from a SSAS Server to a project in BIDS? The SSAS Server would map the SID of the User/Group.

Best regards,
Posted by AtoBI on 1/15/2010 at 4:10 PM
Your solution worked Analysis Services Team. Thank you. To find the invalid user, I opened a Role in Visual Studio that I had not used in a long time. Inside the Role window, I clicked on Membership. Lo and behold, there was a user that we had deleted from our domain. I redeployed and it worked.

Thanks again.

Posted by Erik Caha on 12/4/2009 at 8:27 AM
In my opinion it is very serious bug in deployment process. If you will have three separate domain environment for development, testing and production you are not able to move your solution. More anoying is fact, that also in the case you choose the (Retain roles and members, the roles and members will not be deployed) in the deployment wizard, you are still not able deploy .asdatabase with not existing users.

Posted by Saygin on 7/9/2008 at 1:14 PM
Before filed the problem, I checked roles and their members.
As I remember, previous AS version shows member name like ‘????XXXX????’ that is not exists. I expected to find out member(s) that is not mapped. However, all members and roles seems okey in both BIDS and MS.
After the feedback, I have checked all member one by one. I realized that a member name was changed by our domain admins. If this is the only way to solve this type of problem, when we have hundreds roles and hundreds member, how can we check all members one by one? This is unbeleivable.
Please tell us easy way, at least BIDS ignore this type error and let us deploy project.
Posted by Microsoft on 7/8/2008 at 5:49 PM

Thanks for reporting the problem.
The error message you are getting indicates that Analysis Server received the script containing a username that it cannot resolve. Basically somewhere in one of your security roles you have a member that is no longer part of the domain. Or it might be you are trying to use local user and machine name has changed or you are deploying to different machine.
Unfortunately the error message is not very clear about which exact username Analysis Services has problem with. We are working on getting this fixed.

The Analysis Services Team.