jeudi 15 mars 2012

The AD DS BPA should be able to collect data about Group Policy Results setting "Access this computer from the network" from the domain controller...

You run a BPA on your "Active Directory Domain Services" role and you obtain this error:

"The AD DS BPA should be able to collect data about Group Policy Results setting "Access this computer from the network" from the domain controller SERVERNAME"

Open "Active Directory Module for Windows PowerShell" then type:
1) cd C:\Windows\System32\BestPractices\v1.0\Models\Microsoft\Windows\DirectoryServices\
 2) .\DirectoryServices_model.ps1

From Microsoft Technet
 a) Look for “Cannot translate account name to SID” in the output, where is the name of the account that was failed to translate. 
b) Troubleshoot why this account cannot be translated to a SID 

In my case, it was a problem with an account that had been set on "Default Domain Controllers Policy" policy and that no longer existed in the domain. 

Tip: To find what policy contains SID problems, try to backup all your GPOs 

1) Open "Group Policy Management" (or type gpmc.msc in Start>Execute) 

2) You'll see an error message appears in the GPO which contains not mapped SID --> remove the bad SID(s).

Aucun commentaire:

Enregistrer un commentaire