Microsoft KB Archive/296854

= Restricted Groups Are Limited to Local Domain Members Only =

Article ID: 296854

Article Last Modified on 2/28/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q296854



SYMPTOMS
When you use Restricted groups, you may want to include accounts from other domains, for example by adding administrators from other domains to the Restricted group for the root domain's Enterprise Admins. If you attempt to add users from other domains to a Restricted group in your domain, the following entries may appear in the Winlogon.log file:

Configure Group Membership...

Configure XCORP\Enterprise Admins.

No system mapping is found for XDOM\e2kadcadmin.

No system mapping is found for XDOM\Svc-E2k-ADCAdmin.

Configure XCORP\Schema Admins.

Configure XCORP\Domain Admins.

Group Membership configuration completed with error.

The Application log may contain the following events:

Source - SceCli, Event ID 1202, Security policies are propagated with warning 0x4b8: An extended error has occurred.

Source - Userenv, Event ID 1000, The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1208).



RESOLUTION
When you add members to Restricted groups, use only users and groups from your local domain.
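To find which Restricted group entries need to be changed, the Winlogon.log excerpt shown under SYMPTOMS can be parsed to pair each "No system mapping is found" line with the group being configured at that point. The following is an added example, not Microsoft's code; the line patterns are inferred from the excerpt on this page, and the function name and the use of XCORP as the local domain are assumptions.

```python
import re

# Lines copied from the Winlogon.log excerpt in the SYMPTOMS section.
SAMPLE_LOG = """\
Configure Group Membership...
Configure XCORP\\Enterprise Admins.
No system mapping is found for XDOM\\e2kadcadmin.
No system mapping is found for XDOM\\Svc-E2k-ADCAdmin.
Configure XCORP\\Schema Admins.
Configure XCORP\\Domain Admins.
Group Membership configuration completed with error.
"""

# Assumed patterns, inferred from the excerpt: a group line ends in a single
# period, while the section header ends in "..." and must not match.
GROUP_RE = re.compile(r"^Configure (?P<group>.*[^.])\.$")
UNMAPPED_RE = re.compile(r"^No system mapping is found for (?P<account>.+?)\.$")


def unmapped_members(log_text, local_domain):
    """Return (group, account, is_foreign) for every unresolved member.

    is_foreign is True when the account's DOMAIN\\ prefix differs from
    local_domain, which is the situation this article describes.
    """
    findings = []
    current_group = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = GROUP_RE.match(line)
        if match:
            current_group = match.group("group")
            continue
        match = UNMAPPED_RE.match(line)
        if match:
            account = match.group("account")
            domain = account.split("\\", 1)[0] if "\\" in account else ""
            is_foreign = domain.lower() != local_domain.lower()
            findings.append((current_group, account, is_foreign))
    return findings


if __name__ == "__main__":
    for group, account, is_foreign in unmapped_members(SAMPLE_LOG, "XCORP"):
        note = "other domain, remove from policy" if is_foreign else "check account name"
        print(f"{group}: {account} ({note})")
```
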



STATUS
This behavior is by design.

Keywords: kbenv kberrmsg kbprb KB296854


© Microsoft Corporation. All rights reserved.