Event ID - 16411

Event Id16411
SourceSAM
DescriptionActive Directory Domain Services failed to rename a security principal in a well known security principals container. Please have an administrator rename this security principal if needed. Security principal name: %1
Event InformationAccording to Microsoft :
Cause :
This event is logged when the Active Directory Domain Services failed to rename a security principal in a well known security principals container.
Resolution :
Rename the security principal
The Security Accounts Manager (SAM) was not able to rename the account that is named in the Event Viewer event text. Locate and rename the account.
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. Perform all steps using a domain member computer with the domain administrative tools installed.
To locate and rename an account:
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER.
  2. In the console tree, right-click the object that represents your domain, and then click Find. The Find Users, Contacts, and Groups dialog box opens.
  3. In Name, type the name of the account that is specified in the event text, and then click Find Now.
  4. In Search results, right-click the account to be renamed, and then click Rename.
  5. Type the new name, and then press ENTER. A dialog box may appear requesting additional information for the account. Fill in the information as appropriate, and then click OK.
Verify :
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. Perform the following steps using a domain controller in the domain or administrative workstation that has the ADSI Edit snap-in installed.
To verify that the Well-Known Security Principals container has the appropriate objects:
  1. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type adsiedit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the left pane, right-click ADSI Edit, and then click Connect to.
  3. In Connection Settings dialog box, under Connection Point, ensure that Select a well known Naming Context is selected, and then select Configuration as the container.
  4. If you are using a domain controller in the domain that you need to verify, you can leave the Computer section of the dialog box at its default. Otherwise, select Select or type a domain or server, and then type the fully qualified domain name (FQDN) of a domain controller. Click OK.
  5. In the console pane, expand the Configuration container. Expand the container directly below that, which is named CN=Configuration,DomainLDAP, where DomainLDAP is the Lightweight Directory Access Protocol (LDAP) path of your domain.
  6. Select the CN=WellKnown Security Principals object in the console pane.
  7. In the results pane, you should see a list of objects representing the Well-Known Security Principals. Use the list below to ensure that all Well-Known Security Principals objects are in the container.
Reference LinksEvent ID 16411 from Source SAM

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.