Unless you are entering the group as free text (i.e. just typing it in). Couple of points here. Using restricted group policy on DCs to control domain group membership is bad news. I would simply avoid it. This particular error indicates that you are trying to add a group to a domain local group that is from another domain, and that this is not allowed--at least not on a domain local group. I would go into the Restricted Groups policies that are applying to your DCs (either linked to the Domain Controllers OU or to the Domain) and figure which policy is doing this. You can also run rsop.msc on the DC in question to see which GPO is delivering the winning restricted groups policy.
Darren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 13, 2005 6:13 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Security Group Policy Not Applying It sounds like a restricted groups policy being attempted wrong.....But, from what I've seen, it won't even let you try that. John Sudhir Kaushal <[EMAIL PROTECTED] m> To Sent by: ActiveDir@mail.activedir.org [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Security Group 09/13/2005 07:39 Policy Not Applying AM Please respond to [EMAIL PROTECTED] tivedir.org Thanks for the response.. However i have already checked this and all the related policies in win2003 are not defined in my case.. :-( Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 “You never win Silver, You lose Gold” ---------------------------------------------------------------------------------------- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ---------------------------------------------------------------------------------------- <deji @readymaids.com> To: Sent by: <ActiveDir@mail.activedir.org> ActiveDir-owner cc: Subject: RE: [ActiveDir] Security Group Policy Not Applying 09/13/2005 06:00 PM Please respond to ActiveDir http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&pha se=1 Look at the 0x4b8 section. HTH Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Sudhir Kaushal Sent: Tue 9/13/2005 5:10 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Security Group Policy Not Applying Hi all I'm having an issue with ONE of my DC's (Win2003) not applying a group policy object. in the event viewer of the DC's i'm getting this errors after every 5 min Event id: 1202 "Security policies were propagated with warning. 0x4b8 : An extended error has occurred." When I drill down to the clients winlogon.log file i see the following entry Error 0 to send the control flag 1 over to server. Make a local copy of \\domain.dom\sysvol\domain.dom\Policies\{31B2F340-0160-11D2-945F-00C04FB984F9 }\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND ) Process GP template gpt00000.dom. This is not the last GPO. The log file also specifies: Warning 2 - The system cannnot find the file specified. cannot find the remote desktop users. Configure the remote desktop users. add <domainname>\group name Error 8520 - A local group cannot have another cross domain local group as member. Has anyone ever seen this error and/or know what the solution is. Regards, Sudhir Kaushal Systems Engineer (GIS) Computer Sciences Corporation. India - + 91 120 2582323 Ext. 2649 Denmark - + 45 70100024 Ext. 2649 "You never win Silver, You lose Gold" ----------------------------------------------------------------------------- ----------- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ----------------------------------------------------------------------------- ----------- List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ [EMAIL PROTECTED] Vry&-4ibb