I have a Windows Server 2008 R2 STD
I have a group policy attached to an OU that contains 30 servers
The GPO is a restricted groups policy that sets up local administrators
Policy works on all but one of the servers, actually works on reboot and gpupdate /force but then sometime later 2 (group1 and group2) of the 7 members gets removed. I found this in the winlog file.
----Configure Group Membership...
Configure offer remote assistance helpers.
Error 1332: No mapping between account names and security IDs was done.
No system mapping was found for offer remote assistance helpers.
Configure Administrators.
remove DOMAIN\Group1
remove DOMAIN\Group2
Configure DOMAIN\Group3.
object already member of Administrators.
Configure DOMAIN\Group4
old memberof tattoo list: *S-1-5-32-555,
object already member of Remote Desktop Users.
new memberof tattoo list: *S-1-5-32-555,
Group Membership configuration was completed successfully
Now, I do have a higher GPO with restricted groups policies but they are merging and applying correctly on all the other servers in this OU.
What do you suppose is going on with this one server?
.