So recently upgraded added a Windows 2012 R2 server to my existing Windows 2003 network. The purpose is to remove the 2003 server from the environment. The add went fine but now in Event viewer on the new 2012 R2 server I am getting SceCLI Event IF 1202 about 0x534 : No mapping between account names and security IDs was done. I found a pretty good article (below) that helps me find the accounts that are not syncing and they are "besadmin" and "exmerge". But when I go into RSoP it shows me the accounts are in the "Allow log on locally" and "log on as a service". I have searched AD and found that both of these accounts have been removed. BESADMIN was for my Blackberry server, no longer in use and not sure what exmerge is but I'm sure it's with Exchange which is no off-site with Office 365. I would like to remove these two accounts from "Allow log on locally" and "log on as a service" but when I go in through RSoP everything is greyed out. How can I remove those entries so I stop getting the error 1202?