• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 937
  • Last Modified:

Event ID 1202 source SceCli - windows 2000 computer with group policy errors

This is the error description for the Event ID:
(Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "troubleshooting 1202 events".
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").)

When I do this the user is Power Users.  And If I go to Administrative tools --> then  Domain controller security policy the shortcut is gone? that is another strange issue.  

this is not a huge problem but those event errors sure are piling up.  
0
Davidpnelson
Asked:
Davidpnelson
  • 2
  • 2
  • 2
1 Solution
 
Darius GhassemCommented:
If you go into AD Users and Computers then right-click the Domain Controller OU go to properties then find the Domain Controller Properties there.
0
 
DavidpnelsonAuthor Commented:
Yes, I know how to get the the GPO settings.
when I follow the instructions in the event log this is what I get.

C:\Documents and Settings\administrator.TITAN>FIND /I "Cannot find" %SYSTEMROOT%
\Security\Logs\winlogon.log

---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.
        Cannot find Power Users.

I can get to my ad users and computers by using the DSA.msc tool, I can read AD and see the GPO but why do I keep getting this error, every minute.
0
 
Darius GhassemCommented:
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
llmanCommented:
Remove Power Users from all Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights for any GPOs linked to the Domain Controllers OU and from any Restricted Groups.
0
 
DavidpnelsonAuthor Commented:
This fixed the issue, thank you.  However do you have any knowledge on how or why this would happen?
0
 
llmanCommented:
I have just encountered most of the time after doing a dcpromo, I do not know what causes it, or if it happens every time.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now