Microsoft KB Archive/278693

= Cannot Delete Cloned User Accounts that Include Security Identifier History from Local Groups =

Article ID: 278693

Article Last Modified on 1/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1

-



This article was previously published under Q278693



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you use a tool, such as, the Active Directory Migration Tool (ADMT), to migrate user accounts from a Microsoft Windows NT 4.0 domain to a Microsoft Windows 2000-based system, and then you add these users to a Local group, the accounts cannot be deleted. The following error message is displayed:

The following error occurred while attempting to save properties for group administrators on computer E7ap1.

The specified account Name is not a member of the local group.



RESOLUTION
Please see the resolution section of the following article in the Microsoft Knowledge Base:

266673 Membership From the Local Group Cannot Be Deleted for Migrated Users that Have an SID History Field



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, you can use any of the following three methods to delete the users from the Local groups:  Use the net command with the following syntax:

net localgroup &quot;localgroupname&quot; &quot;NT4Domain\Username&quot; /delete Use the Usmgr.exe program for domains. To use this method, navigate to the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current Version\Network\User Manager For Domains

Enter the following values:

Key Type = REG_SZ

Key Name = AllowNT5Admin

Value = 1 Disconnect the computer from the network, and then go into Computer Management and delete the user account from the Local group.

Additional query words: regedit exe

Keywords: kbbug kbnofix KB278693

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.