Solved

Cannot add domain group or user to a Windows 2008 server local group.

Posted on 2014-04-13
6
1,832 Views
Last Modified: 2014-04-14
Hello,

We have a Windows 2008 domain server which provides file service to our users.  We add domain groups to the server local administrator group.  We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-873248931749837981732.  We cannot even add any domain group or user to the local adminstrator group.  

Experts, please advise if you know what is going on or how to fix this.  If possible, we do not want the server to be reboot.   Rejoining the server to the domain might fix the issue but that will require a reboot.  

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39998069
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39998073
Are the users in the same domain as the server ?

The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)

Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998075
The simple explanation to this is "It's called a SID" like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there?? that's a harder question. I would suggest this link which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user)

Enjoy :)

http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 39998097
If you don't reboot the server how do you patch?  You should be scheduling a reboot at least once per month.  

That said, you MIGHT be able to reset the domain membership WITHOUT a reboot - I haven't intentionally done this in probably 10+ years, but I BELIEVE you can disjoin the domain, then cancel the reboot prompts and log out.  THEN login and and rejoin.  Logout and login again.  Done.  STRONGLY recommend you TEST first and only do this if you are certain you'll be able to reboot if it fails.  Further, MAKE A BACKUP FIRST.
0
 

Author Closing Comment

by:nav2567
ID: 39998637
Thanks, everyone.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998683
Answer.?
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question