3 Best Ways – Fix Account Unknown S-1-5-21 issue on Windows 11?

The issue commonly arises when a local or domain account is deleted, but its permissions remain on system objects like files or folders.

Vigneshwaran Vijayakumar

3 days ago

What is S-1-5-21? It is part of a Security Identifier (SID) in the Windows operating system. SIDs are unique identifiers representing user accounts, groups, and other security principals in Windows. They are essential for managing permissions and access control. SIDs are often seen in the Windows Registry or File System, mapping user profiles. You might be puzzled or worried when you see Account Unknown with an associated S-1-5-21 SID in folder permissions, group policies, or the registry. Here in this article, we will make an in-depth analysis of this identifier and fix this issue on Windows 11. Check out: How to Hide Unhide Drives or Volumes in Windows 11?

Why do you see Account Unknown S-1-5-21-SID in your Windows 11?

Why Account Unknown S-1-5-21 SID issue generally occurs

The appearance of “Account Unknown S-1-5-21-SID” in Windows 11 is typically linked to orphaned or unresolved user account references. The following are the reasons.

Deleted User Accounts
System Migrations or Restorations
Domain Account Changes (in Enterprise Environments)
Software Installations or Uninstallations
Misconfigured User Profiles

When I Encounter “Account Unknown S-1-5-21 SID”, Should I be worried?

“Account Unknown S-1-5-21” in Windows is not a cause for immediate alarm, however, it depends on the context. For example, if you have recently deleted a user account, or you are viewing old backup or migrated data, or if you encounter this identifier in non-critical locations (usually a sign of outdated or redundant entries), then it may be harmless and not a security issue.

However, if you encounter this identifier in Group Policies, Administrative shares, System Settings, or Registry keys, especially in cases where you did not delete any users, it raises security concerns. This situation requires investigation, cleanup of orphaned entries, and ensuring the system’s security to prevent potential breaches.

Understanding S-1-5-21 SID

Let’s break down this identifier.

S – Indicates it is an SID.
1 – The version of the SID Format.
5 – Denotes a predefined identifier authority, specifically the NT Authority.
21 – Represents a unique machine or a domain identifier.

Method 1: How to Fix “Account Unknown S-1-5-21” SID on Windows 11?

Before getting into the fix, it is highly recommended to determine why this SID is appearing. It may be just a leftover reference if a user account is deleted, in Domain Environments, the account may have been removed or disconnected from the domain, a backup restoration might have left old permissions linked to a non-existent account, or a software might have added service accounts or special user accounts during installation. Here are the steps to fix this.

Right-click on the File or Folder that shows the Account Unknown S-1-5-21 SID. In my case, it is a folder E Disk.

Right-click on the folder and click Properties

Click on Properties. It will open the File or Folder Properties.
Now, navigate to the Security tab.

Click Advanced to open the advanced security settings.

You can find the Change Permissions button. Click on that.

Look for the “Account Unknown S-1-5-21” entry in the Permissions list. Select it and then click Remove.

Now, the account will be removed. Finally, click Apply.

Windows will update the security information, kindly be patient.

Windows will update the security information for the folder

Once it completes the process, that is it. You can close the window.
Reopen the same folder Properties again. Now, you can find that the Account Unknown S-1-5-21 has been removed.

Account Unknown S-1-5-21 is successfully removed

Video walkthrough for fixing Account Unknown SID Issue

Fix S-1-5-21 Account Unknown SID issue on Windows 11 | Detailed Guide

Method 2: Remove Account Unknown S-1-5-21 using Command Prompt

There is an alternate approach available using the Command Prompt that can be just as efficient, especially for advanced users or when dealing with system-wide issues. This method provides a way to reset permissions or remove the “Account Unknown” entry from specific files or folders effectively.

Go to the Start menu and search for Command Prompt. Right-click on the Command Prompt, and click on Run as Administrator.

On the CMD, enter the following command and execute it. icacls "C:\Path\To\Folder" /reset

Enter the icals command to remove the Account Unknown using CMD

Note: Here, replace the Path to Folder with the actual folder path where the orphaned SID appears.

Method 3: Delete Account Unknown S-1-5-21 Profile using Regedit

In this method, we will use the Windows registry Editor to remove the S-1-5-21 SID from your Windows 11 PC. Here are the steps.

We will the Run command to open Registry Editor. Use the shortcut Win Key + R to open the Run command.
On the Run, enter the following command regedit and click OK.

User Account Control will prompt for your confirmation, click Yes.
Now, Registry Editor will open. Navigate to the following location where all the Profiles list can be found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Navigate to the Profile List

Look for the folder (Registry key) that is named S-1-5-21………
Right-click on the folder and then click Delete.

Windows will prompt for your confirmation. Click Yes to confirm the deletion. Kindly make sure to delete only the S-1-5-21… Registry Folder.

That is it. Account Unknown SID will now be removed via the Registry Editor.

Information on the Go!

The S-1-5-13 SID is associated with a special security identifier in Windows that typically represents a restricted user group called “Enterprise Domain Controllers”. This group is specifically used in environments with Active Directory (AD), typically on domain controllers.

Frequently Asked Questions

Can I restore a deleted user account associated with “S-1-5-21”?

If the user account associated with the SID was deleted, it’s not possible to directly restore it. However, you can recreate the account with the same username and profile path if necessary, especially if you need to recover settings or permissions linked to the old account.

How do I prevent “Account Unknown S-1-5-21” from appearing in the future?

Regularly clean up old user accounts and ensure that any deleted users are properly removed from permissions, file access settings, and the Registry. Use system cleanup tools or profile management software that automatically detects and removes orphaned SIDs. When migrating accounts or upgrading systems, ensure the migration tool or process properly cleans up old references.

What happens if I leave “Account Unknown S-1-5-21” on my system without fixing it?

Leaving an orphaned S-1-5-21 SID on your system will not immediately break anything, but over time, it may cause problems with user permissions, file access, or system security. Additionally, it could lead to issues when trying to assign new users or manage permissions for files/folders associated with the orphaned SID.

Does “Account Unknown S-1-5-21” appear on all versions of Windows?

“Account Unknown” SIDs are not exclusive to Windows 11. They can appear on older versions of Windows (like Windows 10 or even Windows 7) if an account was deleted or became corrupted, though the appearance and management of these entries may differ slightly across versions.

Take away

In most cases, encountering “Account Unknown S-1-5-21” or similar SIDs on Windows 11 is not a cause for alarm. If the S-1-5-21 SID appears in critical areas like Group Policies, administrative shares, or the Windows Registry, it may indicate a need for cleanup and further investigation to prevent potential threats. Regular maintenance, such as periodic checks for orphaned SIDs, will help ensure that your system remains secure and runs efficiently. Happy Computing! Peace out!

Have Queries?

If you have queries, kindly let us know in the comment section.

Table of Contents