?
Solved

Cannot add domain group or user to a Windows 2008 server local group.

Posted on 2014-04-13
6
Medium Priority
?
1,846 Views
Last Modified: 2014-04-14
Hello,

We have a Windows 2008 domain server which provides file service to our users.  We add domain groups to the server local administrator group.  We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-873248931749837981732.  We cannot even add any domain group or user to the local adminstrator group.  

Experts, please advise if you know what is going on or how to fix this.  If possible, we do not want the server to be reboot.   Rejoining the server to the domain might fix the issue but that will require a reboot.  

Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39998069
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39998073
Are the users in the same domain as the server ?

The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)

Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998075
The simple explanation to this is "It's called a SID" like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there?? that's a harder question. I would suggest this link which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user)

Enjoy :)

http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 39998097
If you don't reboot the server how do you patch?  You should be scheduling a reboot at least once per month.  

That said, you MIGHT be able to reset the domain membership WITHOUT a reboot - I haven't intentionally done this in probably 10+ years, but I BELIEVE you can disjoin the domain, then cancel the reboot prompts and log out.  THEN login and and rejoin.  Logout and login again.  Done.  STRONGLY recommend you TEST first and only do this if you are certain you'll be able to reboot if it fails.  Further, MAKE A BACKUP FIRST.
0
 

Author Closing Comment

by:nav2567
ID: 39998637
Thanks, everyone.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998683
Answer.?
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question