Solved

Currupt User Assignment

Posted on 2011-02-24
6
336 Views
Last Modified: 2012-05-11
In user Group policy - rights assignments I have a entry starting with “*S-1-5-21-9918795-2052802652” as a local security setting/Log on as a service  and I thought I read somewhere that could be a corrupt record or user. Can someone tell me if that is the case please?
0
Comment
Question by:rjackmanwyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
smangogna earned 250 total points
ID: 34971451
Usually if you remove the user ho sould have that right, you'll see  those kind of entry

Sergio
0
 

Author Comment

by:rjackmanwyn
ID: 34971491
So If I deleted a user from Active Directory it doesn't remove them from rights assignments?
0
 
LVL 5

Expert Comment

by:smangogna
ID: 34971589
I am not sure if it happens everytime or if you have to wait fo sincronization, but I have seen it very often
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 

Author Comment

by:rjackmanwyn
ID: 34971868
OK one last question. Is it safe to revome this user entry?
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 34971975
Yes, it is safe to remove the entry.
The information stored/referenced are SIDs which is in the format you have when viewing data those entries are looked up and converted to the username, groupname, etc. When the account is deleted, you will only see the references.

This means that you have assigned the GPO to the specific user versus assigning to a group of which this user was a member.

At times using groups to which you add users is better than assigning individual users to GPOs.
0
 

Author Closing Comment

by:rjackmanwyn
ID: 34972884
Thanks to both of you for your help
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question