Error when creating new user(Error Message: Some or all identity references could not be translated)

apapapap Member Posts: 67
Hi everyone,
we have a Dynamics NAV 2013 R2 installation (Version 7.10.36897).
The topology of the implementation is the following two virtual machines are used as application servers each one having one DynamicsNAV71 nav server instance,in front of them a load balancer,and behind them a SQL cluster with two nodes(vms) with always On availability group.
Only the windows client is used and windows authentication credential type is used.
NAV is connected into 2 domains (domain 1 and domain 2). All the servers are staged in domain 1. (please see the attachment for the hierarchy tree)
Users from both domains can access the windows client through the load balancer.New NAV Users from domain 1 can be created inside domain 1,and new users from domain 2 can be created inside domain 2a0xm3orc1fv5.jpg

The error is raised when a Super user from domain 1 tries to create one new windows authenticated nav user user from domain 2.
Steps to get the error are the following:
1.Press the dropdownlist for selecting windows user name in new user card page
2.Then in the Select User,Group,Computer dialog box we select the location of domain 2
3.In the check name we pass a valid windows user Domain2\userx
4.When we go to press ok, we are prompted to pass the network credentials for an account with permissions for Domain 2.
5.We pass correct account credentials and when we press ok, we are getting this error: "A call to Microsoft.Dynamics.Nav.Management.DSObjectPicker.DSObjectPickerWrapper.InvokeDialogAndReturnSid failed with this message:Some or all identity references could not be translated)cp1mrz98j7hd.jpg

The strange thing is that if we go and add the user through finding his windows sid from the powershell and then add him with a sql query it works, user is created correctly with any permissions we want,can access the client etc. (or if we use the cmdlet -NewNAVserverUSer)
So if we follow the steps:
1.In powershell
$objUser = New-Object System.Security.Principal.NTAccount(" Domain2\userx ")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
it returns a valid sid sql server


DECLARE @USERSID uniqueidentifier, @WINDOWSSID nvarchar(119), @USERNAME nvarchar(50), @USERSIDTXT varchar(50)

SET @USERNAME = 'Domain2\userx'
SET @WINDOWSSID = 'S-1-x-xx-xxxxx-xxxxx-xxxx-xxxx'

INSERT INTO [dbo].[User]
([User Security ID],[User Name],[Full Name],[State],[Expiry Date],[Windows Security ID],[Change Password],[License Type]
,[Authentication Email])
(@USERSID,@USERNAME,'',0,'1753-01-01 00:00:00.000',@WINDOWSSID,0,0,'')

INSERT INTO [dbo].[User Property]
([User Security ID],[Password],[Name Identifier],[Authentication Key],[WebServices Key],[WebServices Key Expiry Date],
[Authentication Object ID])
(@USERSID,'','','','','1753-01-01 00:00:00.000','')

INSERT INTO [dbo].[Access Control]
([User Security ID],[Role ID],[Company Name])

Any thoughts,proposals are very much appreciated
Kind regards
PS We have found the following two relevant posts but in the first one the issue is bypassed and it won't say why it works or not
and we did find another trusted domain related issue in the following article:


  • Petr86Petr86 Member Posts: 1
    edited 2018-04-19
    @apap Hi, did you find some solution for this problem? I have the same problem with 2 domains.
Sign In or Register to comment.