Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft
MVP:
Windows Server / Directory Services
Windows Server / Rights
Management
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
WebLog -
www.msmvps.com/willhack4food
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, April 25, 2004 8:33 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] SCECLI 1202 Events
Hello everybody,
I
am getting this event very frequently. Event id 1202 "Security policies are propagated with warning.
0x534 : No mapping between account names and security IDs was
done."
KB Article http://support.microsoft.com/default.aspx?scid=kb;en-us;324383 gives a good explantion to this and with this I culd trace that there is a problem with power users account. When I give this command
1.C:\>FIND /I "Cannot find"
%SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
Cannot find Power
Users.
Cannot find Power
Users.
Cannot find Power
Users.
2.C:\>FIND /I "power
users" %SYSTEMROOT%\Security\templates\policies\gpt*.*
----------
C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM
----------
C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF
3.C:\>FIND /I "[Mapping]"
%SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
[Mapping] gpt00000.dom = Default
Domain Policy
[Mapping]
gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain
Policy
[Mapping] gpt00000.dom =
Default Domain Policy
[Mapping]
gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain
Policy
Here, the machine is an
additional domain controller which I promoted very recently. I culd identfy tha
account which is Power users and GPO is Default Domain Policy. But the Power
users is no more existing. How shuld I resolve this. I think I am very close to
the solution, but I really don't know where?? How do I resolve this??
Regards,
Mohammed
Athif Khaleel
Asst.Network Engineer
AlFaisaliah Group Information Technology
Tel.: +966-1-461-0077 x.209
Moble.: +966-59774015
Email: [EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
-----------------------------------------------------
This email and any files transmitted with it
are confidential and intended solely for the use of the individual or entity to
whom/which they are addressed. If you have received this email in error please
notify the system manager at the following email address: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>.
Please note that any views or opinions presented in this email are solely those
of the author and do not necessarily represent those of Al Faisaliah Group.
Internet communications cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, arrive late or contain
viruses. The sender therefore does not accept liability for any errors or
omissions in the context of this message, which arise as a result of Internet
transmission. Finally, the recipient should check this email and any
attachments for the presence of viruses. Al Faisaliah Group accepts no liability
for any damage caused by any virus transmitted by this email.
-----------------------------------------------------