scecli 0x534 event id 1202

I am repeatedly getting error scecli 0x534 event ID 1202 on my AD and have identified the user as well.
He used to be an account operator and left the organization some time ago, and his account has been deleted.

I can see his username still appearing under Resultant Set of Policy >> User Rights Assignment, Allow log on locally, with a red X in front of it.
His username is there but the remove option has been disabled.

How can I remove him from that list?

Mike Thomas (Consultant) commented:
You could try using adsiedit to drill down to the OU where the account was and see if it is lurking.

Also, was his account deleted or renamed?

shahzoor (Author) commented:
It was deleted.

Mike Thomas (Consultant) commented:
OK, check using adsiedit.msc: connect to Configuration, then drill down to the OU where the user was.

shahzoor (Author) commented:
On Resultant Set of Policy the computer setting is:
Server Operator, Print Operator, Backup Operator, USERNAME OF DELETED ACCOUNT, Administrators, Operators
Source GPO = Default Domain Controller Policy

When I'm checking using adsiedit.msc, his name is appearing nowhere.
I have checked the OU of Domain & Configuration but nothing appears there.
Isn't there an option to search?

Please run this command to find which users do not have a SID resolved.

find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log

Now, once you get the output, run RSOP.MSC, check the setting that is giving you 1202, and check which GPO it is coming from.
Say, for example, it is coming from the Default Domain Policy; then edit the Default Domain Policy to remove that user from the setting.

The reason why the option to remove the user is greyed out is because you are trying to remove it from RSOP output. Just check the GPO and edit that GPO to remove the user.
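
The check described in the answer above, as an added example that is not part of the original thread: it pulls the unresolved account names out of winlogon.log lines and lists which user rights in a GPO's security template still reference them, so you know which setting to edit. The function names, the `jdoe` account and both sample excerpts are constructed; the "Cannot find <name>." line format and the GptTmpl.inf location under the GPO folder are assumptions about a typical domain controller.

```powershell
# Constructed sample data. On a domain controller, read the real files instead:
#   $log = Get-Content "$env:SystemRoot\security\logs\winlogon.log"
#   $inf = Get-Content '<GPO folder in SYSVOL>\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf'
$log = @'
Configure User Rights...
Cannot find jdoe.
Error 1332: No mapping between account names and security IDs was done.
'@ -split "`r?`n"

$inf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-549,*S-1-5-32-550,*S-1-5-32-551,jdoe,*S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

function Get-UnresolvedAccount {
    param([string[]]$LogLine)
    # Assumed format: one "Cannot find <name>." line per account with no SID mapping
    $LogLine | ForEach-Object {
        if ($_ -match 'cannot find\s+(.+?)\.?\s*$') { $Matches[1] }
    } | Sort-Object -Unique
}

function Find-PrivilegeRightEntry {
    param([string[]]$InfLine, [string[]]$Account)
    $inSection = $false
    foreach ($line in $InfLine) {
        # Track which INF section we are in; only [Privilege Rights] holds user rights
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $right = $Matches[1]
            # Resolved principals are stored as *SID; a bare name was never resolved
            foreach ($member in ($Matches[2] -split ',')) {
                if ($Account -contains $member.Trim()) {
                    [pscustomobject]@{ Right = $right; Account = $member.Trim() }
                }
            }
        }
    }
}

$missing = Get-UnresolvedAccount -LogLine $log
Find-PrivilegeRightEntry -InfLine $inf -Account $missing | Format-Table -AutoSize
```

Each row names a user right whose member list still contains an account the log could not resolve; that is the setting to edit in the source GPO, not in the RSoP view.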



shahzoor (Author) commented:
Thanks a lot :)