  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1860
  • Last Modified:

Cannot add domain group or user to a Windows 2008 server local group.

Hello,

We have a Windows 2008 domain server which provides file service to our users.  We add domain groups to the server local administrator group.  We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-873248931749837981732.  We cannot even add any domain group or user to the local administrator group.  

Experts, please advise if you know what is going on or how to fix this.  If possible, we do not want the server to be rebooted.   Rejoining the server to the domain might fix the issue but that will require a reboot.  

Thanks.
0
Asked: nav2567
1 Solution
 
Schuyler Dorsey Commented:
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
0
 
becraig Commented:
Are the users in the same domain as the server?

The fact it is showing up SIDs could be either an issue of resetting the machine account in the domain (rejoin easiest method)

Or this behavior is simply expected if the domains are separate since these might be foreign security principals.
0
 
Scott Thomson Commented:
The simple explanation to this is "It's called a SID", like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there? That's a harder question. I would suggest this link, which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user).

Enjoy :)

http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
0
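Added example (not part of any post in this thread, and not code from the linked article): a read-only PowerShell check that lists the members of the local Administrators group, flags entries whose SID no longer resolves to a name, and tests the server's secure channel to the domain, which separates the causes raised in the replies above. It assumes an elevated PowerShell 2.0 or later session on the affected server; the variable names are illustrative.

```powershell
# Added example: read-only diagnostics, nothing on the server is changed.
# Find the local Administrators group by its well-known SID (S-1-5-32-544)
# so the script also works on localized installs.
$adminSid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"

$report = foreach ($member in @($group.psbase.Invoke('Members'))) {
    # Each member is a COM object; read its binary SID through reflection.
    $bytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
    $sid   = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)

    # Try to turn the SID back into DOMAIN\name; a failure is what shows up
    # in the group as a bare S-1-5-21-... string.
    $name = $null; $problem = $null
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $problem = $_.Exception.Message }

    New-Object PSObject -Property @{
        Sid      = $sid.Value
        Name     = $name
        Resolved = [bool]$name
        Problem  = $problem
    }
}
$report | Format-Table Sid, Name, Resolved, Problem -AutoSize

# Test the machine account's secure channel to the domain.
# No -Repair switch is used, so this only reports the state.
try   { $channelOk = Test-ComputerSecureChannel }
catch { $channelOk = $false; Write-Warning $_.Exception.Message }

$unresolved = @($report | Where-Object { -not $_.Resolved })
if (-not $channelOk) {
    Write-Output 'Secure channel to the domain is broken: domain SIDs cannot be looked up.'
} elseif ($unresolved.Count -gt 0) {
    Write-Output "Secure channel is healthy; $($unresolved.Count) SID(s) still unresolved (deleted or foreign-domain accounts)."
} else {
    Write-Output 'All members resolve and the secure channel is healthy.'
}
```

If every domain member is unresolved and the secure channel test fails, the machine account is the likely problem; if only a few entries are unresolved while the channel is healthy, those SIDs point at deleted or foreign-domain accounts.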

 
Lee W, MVP, Technology and Business Process Advisor Commented:
If you don't reboot the server how do you patch?  You should be scheduling a reboot at least once per month.  

That said, you MIGHT be able to reset the domain membership WITHOUT a reboot - I haven't intentionally done this in probably 10+ years, but I BELIEVE you can disjoin the domain, then cancel the reboot prompts and log out.  THEN log in and rejoin.  Log out and log in again.  Done.  STRONGLY recommend you TEST first and only do this if you are certain you'll be able to reboot if it fails.  Further, MAKE A BACKUP FIRST.
0
 
nav2567 (Author) Commented:
Thanks, everyone.
0
 
Scott Thomson Commented:
Answer.?
0
