Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cannot add domain group or user to a Windows 2008 server local group.

Posted on 2014-04-13
6
1,828 Views
Last Modified: 2014-04-14
Hello,

We have a Windows 2008 domain server which provides file service to our users.  We add domain groups to the server local administrator group.  We have realized those domain groups are all replaced with some string of characters such as S-1-5-21-873248931749837981732.  We cannot even add any domain group or user to the local adminstrator group.  

Experts, please advise if you know what is going on or how to fix this.  If possible, we do not want the server to be reboot.   Rejoining the server to the domain might fix the issue but that will require a reboot.  

Thanks.
0
Comment
Question by:nav2567
6 Comments
 
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39998069
I am not sure this can be fixed in a way that would require a server reboot. Personally, I think re-joining to the domain would be the ideal thing to try first. It sounds like its relationship with A.D. is not behaving.
0
 
LVL 29

Expert Comment

by:becraig
ID: 39998073
Are the users in the same domain as the server ?

The fact it is showing up SIDS could be either am issue of resetting the machine account I the domain (rejoin easiest method)

Ir this behavior is simply expected if be domains are separate since these might be foreign security principals.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998075
The simple explanation to this is "It's called a SID" like a reference number in AD. Every object in AD has one and you are looking at it there. Why is it there?? that's a harder question. I would suggest this link which not only explains all the possibilities but also details multiple methods of finding why it's there and what it might belong to (most commonly it's a deleted user)

Enjoy :)

http://community.spiceworks.com/topic/275207-unknown-numbers-instead-of-user-names-in-active-directory-sites-and-services
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 39998097
If you don't reboot the server how do you patch?  You should be scheduling a reboot at least once per month.  

That said, you MIGHT be able to reset the domain membership WITHOUT a reboot - I haven't intentionally done this in probably 10+ years, but I BELIEVE you can disjoin the domain, then cancel the reboot prompts and log out.  THEN login and and rejoin.  Logout and login again.  Done.  STRONGLY recommend you TEST first and only do this if you are certain you'll be able to reboot if it fails.  Further, MAKE A BACKUP FIRST.
0
 

Author Closing Comment

by:nav2567
ID: 39998637
Thanks, everyone.
0
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 39998683
Answer.?
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question