
Event ID: 1202 occurs when you use Group Policy that defines restricted groups on a computer that is running Microsoft Windows Server 2003



Symptoms

When you use the Group Policy setting that defines restricted groups on a computer that is running Microsoft Windows Server 2003, the following event may be logged in the Application log:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: date
Time: time
User: N/A
Computer: computer_name
Description: Security policies are propagated with warning. 0x534: No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help.



Cause

This problem may occur if you add a global group or a universal group as a member of a restricted group.



Resolution

To resolve this problem, remove the global group or the universal group from the membership of the restricted group.



More information

Because global groups and universal groups are located in Active Directory, they are restricted. Therefore, you do not have to add a global group or a universal group as a member of a restricted group. Also, if the configured group is a local group, the local group cannot be a member of a global group or of a universal group.

When you view the %windir%\Security\Logs\Winlogon.log file, you will see one or more of the following entries, depending on the type of configured group.

Note In this path, the %windir% placeholder represents the path of the Windows system folder. Typically, C:\Windows is the path of the Windows system folder.
  • If the configured group is a local group, you will see the following entry:
    ----Configure Group Membership.
    	Configure local_group_name.
    	Aliases cannot be members of other groups.
    
    	Group Membership configuration was completed with one or more errors.
    
  • If the configured group is a global group, and the computer is a domain controller, you will see the following entry:
    ----Configure Group Membership.
    	Configure global_group_name.
    	Configure GLOBALNETWORK\Group Policy Creator Owners.
    	Member Of list contains invalid alias My Global Group
    	Cannot find GLOBALNETWORK\My Global Group.
    	Member Of list contains invalid alias My Universal Group
    	Cannot find GLOBALNETWORK\My Universal Group.
    
    	Group Membership configuration was completed with one or more errors.
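
The following is an added example, not part of the original KB article: a small parser that scans Winlogon.log text for the "Configure Group Membership" sections and reports the error lines shown above. The sample log is constructed from the entries in this article, the function and label names are hypothetical, and attributing each error to the most recent "Configure" line is an assumption.

```python
import re

# Constructed sample modelled on the two Winlogon.log entries in this article.
SAMPLE_LOG = """\
----Configure Group Membership.
\tConfigure local_group_name.
\tAliases cannot be members of other groups.

\tGroup Membership configuration was completed with one or more errors.
----Configure Group Membership.
\tConfigure global_group_name.
\tConfigure GLOBALNETWORK\\Group Policy Creator Owners.
\tMember Of list contains invalid alias My Global Group
\tCannot find GLOBALNETWORK\\My Global Group.

\tGroup Membership configuration was completed with one or more errors.
"""

SECTION = "----Configure Group Membership."
CONFIGURE = re.compile(r"^Configure (?P<group>.+?)\.$")
ERRORS = (  # (hypothetical label, pattern for an error line quoted in the article)
    ("local_group_nested", re.compile(r"^Aliases cannot be members of other groups\.$")),
    ("invalid_member_of", re.compile(r"^Member Of list contains invalid alias (?P<name>.+)$")),
    ("unresolved_name", re.compile(r"^Cannot find (?P<name>.+?)\.$")),
)

def find_restricted_group_errors(text):
    """Return (configured_group, kind, detail) for each restricted-group error line."""
    findings, in_section, group = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("----"):          # any section header resets the state
            in_section = line == SECTION
            group = None
            continue
        if not in_section or not line:
            continue
        m = CONFIGURE.match(line)
        if m:                                # assumption: errors belong to this group
            group = m.group("group")
            continue
        for kind, pattern in ERRORS:
            m = pattern.match(line)
            if m:
                findings.append((group, kind, m.groupdict().get("name") or line))
                break
    return findings

if __name__ == "__main__":
    for finding in find_restricted_group_errors(SAMPLE_LOG):
        print(finding)
```

Pass the decoded contents of %windir%\Security\Logs\Winlogon.log to the function; check the file's encoding before reading it.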
    



Keywords: kbexpertiseadvanced, kbtshoot, KB927061


Article Info
Article ID : 927061
Revision : 2
Created on : 11/22/2006
Published on : 11/22/2006