Solved

Server 2003 - Administrators Group Not Found

Posted on 2009-05-19
1
810 Views
Last Modified: 2012-05-07
This may be related to Q_24382549 but our DC is throwing up an error when we try to look at the member list for the Administrators Group. The message is "Some of the object names cannot be shown in their user-friendly form.  This can happen if the object is from an external domain and that domain is not available to translate the object's name"

Clicking on ok lets you view the members but there is an unresolved SID with a CN=ForeignSecurityPrincipals

Now - this is a closed domain - no inter-domain trusts / relationships with other domains.  There is a primary DC with most of the master roles and a secondary backup DC - virtual server on ESXi.

The administrators security group is not accessible by other servers, for example when trying to add the group in security permissions it just doesn't show up in the list of available names / groups etc. If you do an advanced search on names starts with "admin" it comes back with just the Administrator user account.

However - if you search on the DC itself or from a client pc using the ADToolsPack then it can at least find the Administrators group.

Profile folders have stopped working and when client pcs log on to the domain they get a message warning that the user profile cannot be loaded because there are insufficient security rights to the folder.  You can't add the domain administrators group to the security permissions for the respective profile folder because it can't be found !


Any one got any ideas what is going on ?
0
Comment
Question by:cmdown
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24431274

If it's from CN=ForeignSecurityPrincipals it's from a trusted domain. Is anything listed in that container in AD Users and Computers?

> The administrators security group is not accessible by other servers

By design. Built-In groups are only available locally, they share SIDs with local groups on individual systems (the SID for the domain local Administrators group is the same as the SID for a machine local Administrators group).

> You can't add the domain administrators

You can add "Domain Admins", or the (server) local Administrators group though. There's a policy which automatically adds the Administrators group to Roaming Profiles. I suspect it doesn't apply retroactively though.

Chris
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Replication 12 71
NTP time source for DC 3 50
Password change / expire 4 41
SSSD - Automatic kerberos ticket initialization 1 17
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question