Even easier, just scroll through te log and see what policy/right/whatever it's trying to apply with Power Users. --Brian
-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Sun 4/25/2004 9:40 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] SCECLI 1202 Events
Power Users do not exist on DC's. Go to the Default Domain Controller Policy
and look through all of the User Rights and remove any entries for the Power User
principal. You should also be receiving event 1000's, also - yes?
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL
PROTECTED]
Sent: Sunday, April 25, 2004 8:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SCECLI 1202 Events
Hello everybody,
I am getting this event very frequently. Event id 1202 "Security policies are
propagated with warning. 0x534 : No mapping between account names and security IDs was
done."
KB Article http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
<http://support.microsoft.com/default.aspx?scid=kb;en-us;324383> gives a good
explantion to this and with this I culd trace that there is a problem with power users
account. When I give this command
1.C:\>FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
2.C:\>FIND /I "power users" %SYSTEMROOT%\Security\templates\policies\gpt*.*
---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM
---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF
3.C:\>FIND /I "[Mapping]" %SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
Here, the machine is an additional domain controller which I promoted very
recently. I culd identfy tha account which is Power users and GPO is Default Domain
Policy. But the Power users is no more existing. How shuld I resolve this. I think I
am very close to the solution, but I really don't know where?? How do I resolve this??
Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-59774015
Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
-----------------------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom/which they are addressed. If
you have received this email in error please notify the system manager at the
following email address: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Please note
that any views or opinions presented in this email are solely those of the author and
do not necessarily represent those of Al Faisaliah Group. Internet communications
cannot be guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, arrive late or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the context of this message, which arise as a
result of Internet transmission. Finally, the recipient should check this email and
any attachments for the presence of viruses. Al Faisaliah Group accepts no liability
for any damage caused by any virus transmitted by this email.
-----------------------------------------------------
<<winmail.dat>>
