Event ID 16411 — Well-Known Security Principals Upgrade

Applies To: Windows Server 2008 R2

When a computer is promoted to become a domain controller, the Well-Known Security Principals Upgrade process adds the security principals to the Well-Known Security Principals container in Active Directory Domain Services (AD DS).

Event Details

Product: Windows Operating System
ID: 16411
Source: SAM
Version: 6.0
Message: Active Directory Domain Services failed to rename a security principal in a well known security principals container. Please have an administrator rename this security principal if needed. Security principal name: %1


Rename the security principal

The Security Accounts Manager (SAM) was not able to rename the account that is named in the Event Viewer event text. Locate and rename the account.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. Perform all steps using a domain member computer with the domain administrative tools installed.

To locate and rename an account:

  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER.
  2. In the console tree, right-click the object that represents your domain, and then click Find. The Find Users, Contacts, and Groups dialog box opens.
  3. In Name, type the name of the account that is specified in the event text, and then click Find Now.
  4. In Search results, right-click the account to be renamed, and then click Rename.
  5. Type the new name, and then press ENTER. A dialog box may appear requesting additional information for the account. Fill in the information as appropriate, and then click OK.


To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. Perform the following steps using a domain controller in the domain or administrative workstation that has the ADSI Edit snap-in installed.

To verify that the Well-Known Security Principals container has the appropriate objects:

  1. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type adsiedit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the left pane, right-click ADSI Edit, and then click Connect to.
  3. In Connection Settings dialog box, under Connection Point, ensure that Select a well known Naming Context is selected, and then select Configuration as the container.
  4. If you are using a domain controller in the domain that you need to verify, you can leave the Computer section of the dialog box at its default. Otherwise, select Select or type a domain or server, and then type the fully qualified domain name (FQDN) of a domain controller, for example, dc1.adatum.com. Click OK.
  5. In the console pane, expand the Configuration container. Expand the container directly below that, which is named **CN=Configuration,**DomainLDAP, where DomainLDAP is the Lightweight Directory Access Protocol (LDAP) path of your domain. For example, if your domain name is adatum.com, the LDAP path is DC=adatum,DC=com.
  6. Select the CN=WellKnown Security Principals object in the console pane.
  7. In the results pane, you should see a list of objects representing the Well-Known Security Principals. Use the list below to ensure that all Well-Known Security Principals objects are in the container.

The list of Well-Known Security Principals should include the following objects:

  • CN=Anonymous Logon
  • CN=Authenticated Users
  • CN=Batch
  • CN=Creator Group
  • CN=Creator Owner
  • CN=Dialup
  • CN=Digest Authentication
  • CN=Enterprise Domain Controllers
  • CN=Everyone
  • CN=Interactive
  • CN=Local Service
  • CN=Network
  • CN=Network Service
  • CN=NTLM Authentication
  • CN=Other Organizations
  • CN=Owner Rights
  • CN=Proxy
  • CN=Remote Interactive Logon
  • CN=Restricted
  • CN=SChannel Authentication
  • CN=Self
  • CN=Service
  • CN=System
  • CN=Terminal Server User
  • CN=This Organization

Well-Known Security Principals Upgrade

Active Directory