Event ID - 16410

Event Id	16410
Source	SAM
Description	Active Directory Domain Services failed to add a security principal to a well known security principals container. Please have an administrator add this security principal if needed. Security principal name: %1
Event Information	According to Microsoft : Cause : This event is logged when the Active Directory Domain Services failed to add a security principal to a well known security principals container. Resolution : Add the security principal to the well-known security principal's container The Security Accounts Manager (SAM) database was not able to add the account (also known as the security principal) that is named in the Event Viewer event text to the Well Known Security Principals group. Make a note of the account name or security identifier (SID), as well as the group to which the account should be added. Restart the computer when you are prompted. After the computer restarts, add the account to the appropriate group. Perform the following procedure using a domain member computer that has domain administrative tools installed. To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. To add an account to the Well Known Security Principals group: Open the Active Directory Services Interface Editor (ADSIEdit). To open the ADSIEdit, click Start. In Start Search, type adsiedit.msc, and then press ENTER. In the console tree, right-click ADSIEdit, and then click Connect to. The Connection Settings dialog box opens. In the drop-down list under Select a well known Naming Context, click Configuration, and then click OK. In the console tree, expand the Configuration object, and then double-click the naming context for the configuration. Right-click CN=WellKnown Security Principals, point to New, and then click Object. The Create Object dialog box opens. Ensure that the account is selected, and then click Next. In Value, type the name of the account in the Event Viewer event text, and then click Next. Click Finished. Verify : To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. Perform the following steps using a domain controller in the domain or administrative workstation that has the ADSI Edit snap-in installed. To verify that the Well-Known Security Principals container has the appropriate objects: Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type adsiedit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. In the left pane, right-click ADSI Edit, and then click Connect to. In Connection Settings dialog box, under Connection Point, ensure that Select a well known Naming Context is selected, and then select Configuration as the container. If you are using a domain controller in the domain that you need to verify, you can leave the Computer section of the dialog box at its default. Otherwise, select Select or type a domain or server, and then type the fully qualified domain name (FQDN) of a domain controller. Click OK. In the console pane, expand the Configuration container. Expand the container directly below that, which is named CN=Configuration,DomainLDAP, where DomainLDAP is the Lightweight Directory Access Protocol (LDAP) path of your domain. Select the CN=WellKnown Security Principals object in the console pane. In the results pane, you should see a list of objects representing the Well-Known Security Principals. Use the list below to ensure that all Well-Known Security Principals objects are in the container.
Reference Links	Event ID 16410 from Source SAM

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught