A client requested an operation on a user account, such as changing the password, but the user account could not be found. Make sure that the account was spelled correctly or that the account really exists.
If the user requested resides in Active Directory make sure Active Directory replication is working, and that the user is present on the authenticating domain controller.
As per Microsoft: "This is usually the case where you have a SID that no longer resolves to a username, either because it has been deleted or because it is a SID from a trusted domain where the trust is not working. It could also be that you have a username that cannot be converted to a SID. You can use either the name2sid.exe or lua.exe utility to see if the name is valid in the current domain as well as trusted domains". See "Interpreting Userenv log files" for additional information on this issue.
- M262800 - In this case, the problem occurs because Binlsvc cannot read the Remote Installation Service (RIS) subobject that is created below the computer account object (CAO) in Active Directory.
- M270137 - The problem can appear if the user name includes a slash character (/).
- M892239 - As per this article, this problem can appear because the dsmod command is not designed to support scenarios where a trust relationship exists between forests.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.