Built-In Domain Objects not visible from Member Server

Posted on 2012-08-22
Last Modified: 2012-09-18
We have a new Windows 2008 R2 domain which is functioning well with 2 domain controllers.  We have an old 2003 domain which we have DCPOMO'd out as  the last domain controller, then added it fresh as a member server to the new domain.

It works fine for the most part, but for some reason when we try to add security for a file share (any file share or NTFS security incl new ones) we can see all active directory users and groups apart from the Built-In ones.  I.e. "Administrators" is invisible, "Users" is invisible, but "Domain Admins" is fine.

A manual browse of A/D confirms this - we can browse to the Built-In folder, but groups such as "Administrators" is not visible.

I've confirmed that these are seen from the D/C and client PCs.
Question by:patrickfreer
    LVL 59

    Expert Comment

    by:Darius Ghassem
    The groups you are not seeing are built-in local groups.

    You would need to change to the local computer to add these groups.

    If you want to add Users for the Domain you would need to use Domain Users
    LVL 1

    Author Comment

    No - these are domain objects.  Please see the enclosed screenshots - one from a Domain controller showing where the objects are (and are expected to be) and the other from the member server which is unable to reference them.

    Please note domain is redacted, not faulty.
    LVL 59

    Accepted Solution

    These are not there for permissions but instead are used for user rights assignments.
    LVL 1

    Expert Comment

    What happens when you do not type anything in and try to search?  

    It should populate ALL of the groups including the group you are looking to add. If this does not show anything, then something might be wrong with directory services (check event logs for errors).

    Also, is this a cloned machine, a machine that is being replaced, VM, or brand new machine?

    Please let me know if this helps...  Thank you!

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now