RE: [ActiveDir] AD, DNS, Errors - THE WORKS

Mon, 23 Dec 2002 18:41:33 -0800

Title: Message
Joe,
 
Check Local Policy on each of the DCs.  If any of these was an upgrade (and sometimes, not) of a member that was in a service position before becoming a DC, there are times when a program or application will get installed by a SID that doesn't exist after the machine becomes a DC.  This user account had rights (logon locally, etc.) that no longer exist.
 
Typically, you'll want to look for, oh, say.... Power User.  This user has a tendency to get stuck in the Local Policy of a DC, and given that the Power User cannot exist on a DC, this is the message that you're going to see (and I've seen it alot.....).
 
Look her for more info: http://support.microsoft.com/default.aspx?scid=kb;en-us;247482
 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pelle, Joe
Sent: Monday, December 23, 2002 1:24 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] AD, DNS, Errors - THE WORKS

Hello!  I have a question about setting up DNS in AD...  The following is my environment (so far):

Empty Root (2 DC's)

Child Domain of Empty Root at HQ (2 DC's) DNS, WINS, DHCP

Child Domain of Empty Root at 'The Plant' (for now, 1 DC's) DNS

DNS is running on all the servers...Every 5 minutes I am getting a warning followed by an error on both Child Domain servers at HQ and The Plant:

Warning:        SceCli 1202

Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Please look for more details in TroubleShooting section in Security Help.

Error:          Userenv 1000

The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).

The DC/DNS server at HQ delegates to The Plant's DNS zone.  I don't have the opposite setup... Should I?  Basically, I want DHCP clients in The Plant to have access to resources at HQ (or vice versa) or another location without having to go up the tree to go back down... 


Any thoughts, suggestions, comments are greatly appreciated!

Thanks!

Joe Pelle

Reply via email to