Microsoft KB Archive/927061

From BetaArchive Wiki
Knowledge Base


Event ID: 1202 occurs when you use Group Policy that defines restricted groups on a computer that is running Microsoft Windows Server 2003

Article ID: 927061

Article Last Modified on 11/22/2006


APPLIES TO

  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition


SYMPTOMS

When you use the Group policy setting that defines restricted groups on a computer that is running Microsoft Windows Server 2003, the following event may be logged in the Application log: Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: date
Time: time
User: N/A
Computer: computer_name
Description: Security policies are propagated with warning. 0x534: No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help.


CAUSE

This problem may occur if you add a global group or a universal group as a member of a restricted group.

RESOLUTION

To resolve this problem, remove the global group or the universal group from the membership of the restricted group.

MORE INFORMATION

Because global groups and universal groups are located in the Active Directory, they are restricted. Therefore, you do not have to add a global group or a universal group as a member of a restricted group. Also, if the configured group is a local group, the local group cannot be a member of a global group or of a universal group.

When you view the %windir%\Security\Logs\Winlogon.log file, you will see one or more of the following entries, depending on the type of configured group.

Note In this path, the %windir% placeholder represents the path of the Windows system folder. Typically, C:\Windows is the path of the Windows system folder.

  • If the configured group is a local group, you will see the following entry:

    ----Configure Group Membership.
    Configure local_group_name.
    Aliases cannot be members of other groups.

    Group Membership configuration was completed with one or more errors.

  • If the configured group is a global group, and the computer is a domain controller, you will see the following entry:

    ----Configure Group Membership.
    Configure global_group_name.
    Configure GLOBALNETWORK\Group Policy Creator Owners.
    Member Of list contains invalid alias My Global Group
    Cannot find GLOBALNETWORK\My Global Group.
    Member Of list contains invalid alias My Universal Group
    Cannot find GLOBALNETWORK\My Universal Group.

    Group Membership configuration was completed with one or more errors.


Keywords: kbexpertiseadvanced kbtshoot KB927061



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/927061&oldid=224938
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki