Re: Problem deleting an unknown object in a group



I have confirmed that the SID is from the old domain (which no longer exists)
and since the trust has also been deleted, I have deleted the object in the
ForeignSecurityPrincipals container.

The error 0x4b8 is no longer displayed in the Application Event log on our DCs.

Thanks,
Dominic

"Dominic" wrote:

Hi Meinolf,

Yes, I can see the SID.
Here's what I can see in the Members tab, and in the
ForeignSecurityPrincipals container :
[SID]CNF:[GUID]

Thanks,
Dominic


"Meinolf Weber" wrote:

Hello Dominic,

Can you see the SID in the administrators group which you are using with
restricted groups?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi,

We have a problem with our A.D.
We have 9 DCs in 8 different sites. All DCs are W2K3 Std R2 SP2 with all
hotfixes.
Domain functional level is Windows Server 2003.
We have a GPO that uses Restricted Groups to set members of the
Built-In Administrators group. We have an event in Application Event
Log on all DC. SceCLI event #1202 : "Security policies were
propagated with warning. 0x4b8 : An extended error has occurred."

I've enabled debug logging for the Security Configuration client-side
extension and I have found this error in Winlogon.log :
remove SID: S-1-5-21-1047738115-132384186-1539857752-500.
Error 1377: The specified account name is not a member of the local
group.
error removing SID: S-1-5-21-1047738115-132384186-1539857752-500.
This SID is an object from a trusted domain. The trust has been
deleted and we forgot to remove it from the GPO before deleting the
trust.

When I go directly to the Administrators group and I try to delete the
member manually, I receive this warning after clicking on Apply:
The object is no longer a member of this group. It may still appear
due to standard delays in replication between domain controllers.
I've done this yesterday and I have this message again this morning,
so I know it is not a replication delay.

In the ForeignSecurityPrincipals container, I can see the object. Can
I delete the object directly in this place? Will this result in
removing the object from the Administrators group? Can this cause
other issues? If yes, what should I do to remove the object from the
Administrators group?

Thank you very much,
Dominic
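
An added example, not part of the original thread: a small parser for the Winlogon.log excerpt quoted above. It pairs each "error removing SID" line with the preceding error code and reports whether the SID belongs to a domain other than the local one. The function names and LOCAL_DOMAIN_SID are hypothetical; the log format is assumed to be only what the post shows.

```python
import re

# Log lines as quoted in the post above (wrapped lines rejoined).
SAMPLE_LOG = """\
remove SID: S-1-5-21-1047738115-132384186-1539857752-500.
Error 1377: The specified account name is not a member of the local group.
error removing SID: S-1-5-21-1047738115-132384186-1539857752-500.
"""

# Constructed placeholder for the SID of the domain the DCs belong to.
LOCAL_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

SID_RE = re.compile(r"S-1-5-21(?:-\d+){3}-\d+")   # domain SID plus RID
ERR_RE = re.compile(r"^\s*Error (\d+):\s*(.*)$")  # "Error 1377: text"
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins",
                   519: "Enterprise Admins"}


def split_sid(sid):
    """Split a domain-relative SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def failed_removals(log_text, local_domain_sid):
    """Return one finding per 'error removing SID' line in the log."""
    findings, last_error = [], (None, None)
    for line in log_text.splitlines():
        err = ERR_RE.match(line)
        if err:  # remember the error that precedes the failure line
            last_error = (int(err.group(1)), err.group(2).strip())
            continue
        if not line.strip().lower().startswith("error removing sid:"):
            continue
        sid_match = SID_RE.search(line)
        if not sid_match:
            continue
        domain, rid = split_sid(sid_match.group(0))
        findings.append({
            "sid": sid_match.group(0),
            "foreign_domain": domain != local_domain_sid,
            "rid_name": WELL_KNOWN_RIDS.get(rid),
            "error_code": last_error[0],
            "error_text": last_error[1],
        })
        last_error = (None, None)
    return findings


if __name__ == "__main__":
    for finding in failed_removals(SAMPLE_LOG, LOCAL_DOMAIN_SID):
        print(finding)
```

A finding with foreign_domain set and a well-known RID such as 500 corresponds to the situation described in the thread: a privileged account from another domain still referenced in the Restricted Groups policy.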


