nav2567
asked on
Cannot add domain group or user to a Windows 2008 server local group.
Hello,
We have a Windows 2008 domain server which provides file service to our users. We add domain groups to the server local administrator group. We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-87324893174983798 1732. We cannot even add any domain group or user to the local adminstrator group.
Experts, please advise if you know what is going on or how to fix this. If possible, we do not want the server to be reboot. Rejoining the server to the domain might fix the issue but that will require a reboot.
Thanks.
We have a Windows 2008 domain server which provides file service to our users. We add domain groups to the server local administrator group. We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-87324893174983798
Experts, please advise if you know what is going on or how to fix this. If possible, we do not want the server to be reboot. Rejoining the server to the domain might fix the issue but that will require a reboot.
Thanks.
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
Are the users in the same domain as the server ?
The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)
Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)
Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
The simple explanation to this is "It's called a SID" like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there?? that's a harder question. I would suggest this link which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user)
Enjoy :)
http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
Enjoy :)
http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, everyone.
Answer.?