Right, but if it's only defined in one place or something (e.g. a Restricted Group), it'd be easier to figure out which rights it's defined in than to search the whole GPO for them with gpedit - there's half a gazillion rights to skim. The log usually will have an error like this anytime it has a problem converting a name to a SID, so, each time it couldn't lookup Power Users it would say which right. --Brian
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Sun 4/25/2004 12:52 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] SCECLI 1202 Events
True - but, if the user doesn't exist, it SHOULDN'T be listed at all. Best
practice dictates removing all rights to defined users that don't need them and
undefined users that don't exist. In this case, Power User doesn't exist, and
therefore any place that hte user is defined, the user should be removed.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Sunday, April 25, 2004 12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] SCECLI 1202 Events
Even easier, just scroll through te log and see what policy/right/whatever
it's trying to apply with Power Users.
--Brian
-----Original Message-----
From: Rick Kingslan [mailto:[EMAIL PROTECTED]
Sent: Sun 4/25/2004 9:40 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] SCECLI 1202 Events
Power Users do not exist on DC's. Go to the Default Domain Controller
Policy and look through all of the User Rights and remove any entries for the Power
User principal. You should also be receiving event 1000's, also - yes?
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL
PROTECTED]
Sent: Sunday, April 25, 2004 8:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SCECLI 1202 Events
Hello everybody,
I am getting this event very frequently. Event id 1202 "Security
policies are propagated with warning. 0x534 : No mapping between account names and
security IDs was done."
KB Article
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
<http://support.microsoft.com/default.aspx?scid=kb;en-us;324383> gives a good
explantion to this and with this I culd trace that there is a problem with power users
account. When I give this command
1.C:\>FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users.
2.C:\>FIND /I "power users"
%SYSTEMROOT%\Security\templates\policies\gpt*.*
---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM
---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF
3.C:\>FIND /I "[Mapping]" %SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
Here, the machine is an additional domain controller which I promoted
very recently. I culd identfy tha account which is Power users and GPO is Default
Domain Policy. But the Power users is no more existing. How shuld I resolve this. I
think I am very close to the solution, but I really don't know where?? How do I
resolve this??
Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-59774015
Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
-----------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom/which they are
addressed. If you have received this email in error please notify the system manager
at the following email address: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>. Please
note that any views or opinions presented in this email are solely those of the author
and do not necessarily represent those of Al Faisaliah Group. Internet communications
cannot be guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, arrive late or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the context of this message, which arise as a
result of Internet transmission. Finally, the recipient should check this email and
any attachments for the presence of viruses. Al Faisaliah Group accepts no liability
for any damage caused by any virus transmitted by this email.
-----------------------------------------------------
<<winmail.dat>>
