All builtin user names cannot be added into Security or Sharing ?

We have AD 2003. We tried to assigned the permission using the Builtin objects, for example, Users, Administrators, Guests, or Backup Operators, etc. We just found out we are not able to. It simply just said "The object name cannot be found."
What could be wrong? Please help.
CastlewoodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WebberCommented:
Ok i haven't done something like that in ages, but i do want to help if i can. So i have one suggestion, dont blame me if i'm wrong :)

Try using domain name in front of the usergroup

Example.com/JohnsGroup
0
CastlewoodAuthor Commented:
No, still not working with the domain name in front.
I also verified the 'Built-in security principals' is ticked for the Object type.
I'm wondering if there somewhere is a policy restricting it??
0
WebberCommented:
Its not a policy restricting it. Because in that case it wouldn't search at all, nor give you the error it couldn't find anything.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

CastlewoodAuthor Commented:
Okay, I found more details....
I found the Builtin user group names are available for setting up permission on the AD servers only. All other member servers don't recognize the Builtin names even the Builtin are defined in ADUC and supposed for the whole AD Domain, correct? Please help.
Can you verify if it is the case in your environment?
0
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
I think this is by design. I'm getting the same results.
0
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
It is by design.
https://technet.microsoft.com/en-us/library/cc771990.aspx

If you check the group scope on the DC, it shows "Built-In Local" and can only be used to assign permissions to resources on domain controllers.

Edit -  Here's some better links:
https://msdn.microsoft.com/en-us/library/bb726980.aspx
https://technet.microsoft.com/en-us/library/dn579255.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.