Restricted Groups Are Limited to Local Domain Members Only (296854)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q296854

SYMPTOMS

When you use Restricted groups, you may want to include accounts from other domains, for example by adding administrators from other domains to the root domain's enterprise administrators Restricted group. If you attempt to add users from other domains to a Restricted group in your domain, the following entries may appear in the Winlogon.log file:
----Configure Group Membership...
Configure XCORP\Enterprise Admins.
No system mapping is found for XDOM\e2kadcadmin.
No system mapping is found for XDOM\Svc-E2k-ADCAdmin.
Configure XCORP\Schema Admins.
Configure XCORP\Domain Admins.
Group Membership configuration completed with error.
The Application log may contain the following events:
Source - SceCli, Event ID 1202, Security policies are propagated with warning 0x4b8: An extended error has occurred.
Source - Userenv, Event ID 1000, The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1208).

RESOLUTION

Use only users and groups from your local domain when you add members to Restricted groups.
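
Added example (not part of the original article): a Python check that reads Winlogon.log text, attributes each "No system mapping is found" entry to the Restricted group being configured, and marks accounts whose domain prefix differs from the group's domain. The function names are hypothetical and the sample text is constructed from the excerpt in SYMPTOMS.

```python
import re

# Constructed sample, modeled on the Winlogon.log excerpt in SYMPTOMS.
SAMPLE_LOG = """\
----Configure Group Membership...
Configure XCORP\\Enterprise Admins.
No system mapping is found for XDOM\\e2kadcadmin.
No system mapping is found for XDOM\\Svc-E2k-ADCAdmin.
Configure XCORP\\Schema Admins.
Configure XCORP\\Domain Admins.
Group Membership configuration completed with error.
"""

GROUP_RE = re.compile(r"^\s*Configure (?P<domain>[^\\]+)\\(?P<name>.+?)\.\s*$")
UNMAPPED_RE = re.compile(r"^\s*No system mapping is found for (?P<account>.+?)\.\s*$")


def find_unmapped_members(log_text):
    """Return {group: [(account, is_foreign_domain), ...]} for unresolved members."""
    findings = {}
    current_group = None
    current_domain = None
    for line in log_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current_group = f"{m['domain']}\\{m['name']}"
            current_domain = m["domain"].upper()
            continue
        m = UNMAPPED_RE.match(line)
        if m and current_group:
            account = m["account"]
            # An account with no DOMAIN\ prefix cannot be classified as foreign.
            domain = account.split("\\", 1)[0].upper() if "\\" in account else None
            is_foreign = domain is not None and domain != current_domain
            findings.setdefault(current_group, []).append((account, is_foreign))
    return findings


def completed_with_error(log_text):
    return "Group Membership configuration completed with error." in log_text


if __name__ == "__main__":
    for group, members in find_unmapped_members(SAMPLE_LOG).items():
        for account, foreign in members:
            reason = "outside the group's domain" if foreign else "unresolved"
            print(f"{group}: {account} ({reason})")
```

Groups that configured cleanly, such as XCORP\Schema Admins in the sample, do not appear in the result.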

STATUS

This behavior is by design.

Modification Type: Minor
Last Reviewed: 10/13/2004
Keywords: kbenv kberrmsg kbprb KB296854