|
Thanks for that, Joe.
Rick has an attention problem. I can't take
responsibility or be accountable for my actions, like most of my fellow citizens
in the US. That would be un-American - and eventually bankrupt the glut of
lawyers in the States, and would have a devastating impact on our
economy.
So, I'm sorry that it took Joe so long to pick up on the
fact that I was not answering your posts timely. It's clearly his fault
for not being more attentive.
;o)
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft
MVP:
Windows Server / Directory Services
Windows Server / Rights
Management
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
WebLog -
www.msmvps.com/willhack4food
Trying grepping (findstr'ing) the INF files in your sysvol
structure for power users or the SID S-1-5-32-547.
joe
Hi
Rick,
I cant
find any entry for power users in domain controller policy.
Is
there any way where we can trace this out and solve the
issue..
I have
used ADSIEDIT yesterday to delete old objects.
Actually, I had a DC which crashed & so I installed this new one and
then seized the roles(PDC,RID) and done the meta cleaup +
adsiedit.
TIA,
Athif
True - but, if the user doesn't exist, it SHOULDN'T be
listed at all. Best practice dictates removing all rights to defined
users that don't need them and undefined users that don't exist. In
this case, Power User doesn't exist, and therefore any place that hte user is
defined, the user should be removed.
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft
MVP:
Windows Server / Directory Services
Windows Server / Rights
Management
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
WebLog -
www.msmvps.com/willhack4food
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Brian Desmond
Sent: Sunday, April 25, 2004 12:37
PM
To: [EMAIL PROTECTED]
Subject: RE:
[ActiveDir] SCECLI 1202 Events
Even
easier, just scroll through te log and see what policy/right/whatever it's
trying to apply with Power Users.
--Brian
-----Original Message-----
From: Rick Kingslan
[mailto:[EMAIL PROTECTED]
Sent: Sun 4/25/2004 9:40 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: [ActiveDir] SCECLI 1202 Events
Power Users do not exist on DC's. Go to the
Default Domain Controller Policy and look through all of the User Rights and
remove any entries for the Power User principal. You should also be
receiving event 1000's, also - yes?
Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft
MVP:
Windows Server / Directory Services
Windows Server / Rights
Management
Associate Expert
Expert Zone -
www.microsoft.com/windowsxp/expertzone
WebLog -
www.msmvps.com/willhack4food
Hello everybody,
I am getting this event very frequently. Event id
1202 "Security
policies are propagated with warning. 0x534 : No mapping between account
names and security IDs was done."
KB Article http://support.microsoft.com/default.aspx?scid=kb;en-us;324383 gives a good explantion to this and with this I culd
trace that there is a problem with power users account. When I give this
command
1.C:\>FIND /I "Cannot find"
%SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
Cannot find Power
Users.
Cannot find Power
Users.
Cannot find Power
Users.
2.C:\>FIND /I
"power users" %SYSTEMROOT%\Security\templates\policies\gpt*.*
----------
C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.DOM
----------
C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00001.INF
3.C:\>FIND /I "[Mapping]"
%SYSTEMROOT%\Security\Logs\winlogon.log
---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
[Mapping] gpt00000.dom = Default
Domain Policy
[Mapping]
gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default
Domain Policy
[Mapping]
gpt00000.dom = Default Domain Policy
[Mapping] gpt00001.inf = Default Domain Policy
[Mapping] gpt00000.dom = Default
Domain Policy
[Mapping]
gpt00001.inf = Default Domain Policy
Here, the machine is an additional domain controller
which I promoted very recently. I culd identfy tha account which is Power
users and GPO is Default Domain Policy. But the Power users is no more
existing. How shuld I resolve this. I think I am very close to the solution,
but I really don't know where?? How do I resolve this??
Regards,
Mohammed Athif Khaleel
Asst.Network Engineer
AlFaisaliah
Group Information Technology
Tel.:
+966-1-461-0077 x.209
Moble.:
+966-59774015
Email:
[EMAIL PROTECTED]
"Save Internet, Keep all the systems patched"
-----------------------------------------------------
This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity to
whom/which they are addressed. If you have received this email in error please
notify the system manager at the following email address: [EMAIL PROTECTED]
. Please note that any views or opinions
presented in this email are solely those of the author and do not necessarily
represent those of Al Faisaliah Group. Internet communications cannot be
guaranteed to be secure or error-free as information could be intercepted,
corrupted, lost, arrive late or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the context of this message,
which arise as a result of Internet transmission. Finally, the recipient should
check this email and any attachments for the presence of viruses. Al Faisaliah
Group accepts no liability for any damage caused by any virus ! transmitted by
this email.
-----------------------------------------------------
|
