Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cannot add domain group or user to a Windows 2008 server local group.

Posted on 2014-04-13
6
Medium Priority
?
1,853 Views
Last Modified: 2014-04-14
Hello,

We have a Windows 2008 domain server which provides file service to our users.  We add domain groups to the server local administrator group.  We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-873248931749837981732.  We cannot even add any domain group or user to the local adminstrator group.  

Experts, please advise if you know what is going on or how to fix this.  If possible, we do not want the server to be reboot.   Rejoining the server to the domain might fix the issue but that will require a reboot.  

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39998069
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39998073
Are the users in the same domain as the server ?

The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)

Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998075
The simple explanation to this is "It's called a SID" like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there?? that's a harder question. I would suggest this link which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user)

Enjoy :)

http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 39998097
If you don't reboot the server how do you patch?  You should be scheduling a reboot at least once per month.  

That said, you MIGHT be able to reset the domain membership WITHOUT a reboot - I haven't intentionally done this in probably 10+ years, but I BELIEVE you can disjoin the domain, then cancel the reboot prompts and log out.  THEN login and and rejoin.  Logout and login again.  Done.  STRONGLY recommend you TEST first and only do this if you are certain you'll be able to reboot if it fails.  Further, MAKE A BACKUP FIRST.
0
 

Author Closing Comment

by:nav2567
ID: 39998637
Thanks, everyone.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998683
Answer.?
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question