Scecli Warning
Hi all,

We have a Windows 2008 and Windows 2003 domain controller environment, but the problem is that the Application event log is continuously receiving Event ID: 1202, Source: SceCli:

"Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:

1. Identify accounts that could not be resolved to a SID:

   From the command prompt, type:

       FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log

   The string following "Cannot find" in the FIND output identifies the problem account names.

   Example: Cannot find JohnDough.

   In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").

2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:

   a. Start -> Run -> RSoP.msc
   b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
   c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.

3. Remove unresolved accounts from Group Policy

   a. Start -> Run -> MMC.EXE
   b. From the File menu select "Add/Remove Snap-in..."
   c. From the "Add/Remove Snap-in" dialog box select "Add..."
   d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
   e. In the "Select Group Policy Object" dialog box click the "Browse" button.
   f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
   g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1"

============================================================

Can anybody help me out, please?
March 31st, 2011 7:20am

Have a look at this Microsoft article about troubleshooting SceCli event ID 1202: http://support.microsoft.com/kb/324383

Have you already tried the steps mentioned in your thread?

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
March 31st, 2011 8:00am

I have tried the mentioned steps, but when I tried to run the command, the output is below:

C:\>find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log

---------- C:\WINDOWS\SECURITY\LOGS\WINLOGON.LOG
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.
Cannot find pre. Warning 2: The system cannot find the file specified.

Any idea, please?
April 1st, 2011 5:29am
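
Steps 1 and 2 of the event text quoted in the first post, as an added PowerShell example that is not part of the thread or of Microsoft's guidance: it extracts the unresolved names from winlogon.log lines and looks them up in the [Privilege Rights] and [Group Membership] sections of a GPO's GptTmpl.inf security template. The function names, the GPO name and all sample data are constructed for illustration, and the parsing assumes each unresolved name is logged on a line beginning "Cannot find <name>.".

```powershell
# Added example; every sample value below is constructed.
function Get-UnresolvedAccount {
    param([string[]]$LogLines)
    # Case-sensitive match on lines that begin "Cannot find <name>." so that
    # "The system cannot find the file specified." (also hit by FIND /I) is skipped.
    $LogLines |
        ForEach-Object { if ($_ -cmatch '^\s*Cannot find (.+?)\.(\s|$)') { $Matches[1] } } |
        Sort-Object -Unique
}

function Find-GpoReference {
    param([string]$GpoName, [string[]]$InfLines, [string[]]$Account)
    $section = ''
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        # User Rights live in [Privilege Rights], Restricted Groups in [Group Membership].
        if (@('Privilege Rights', 'Group Membership') -notcontains $section) { continue }
        $key, $value = $line -split '=', 2
        if ($null -eq $value) { continue }
        # Resolved principals are normally stored as *SID; a bare name is a candidate.
        # A restricted group can itself be a bare name: "<group>__Members = ...".
        $names = @($key -replace '__(Members|Memberof)\s*$', '') + $value.Split(',')
        foreach ($name in $names) {
            if ($Account -contains $name.Trim()) {
                New-Object psobject -Property @{
                    Gpo = $GpoName; Section = $section; Setting = $key.Trim(); Account = $name.Trim()
                }
            }
        }
    }
}

# Constructed winlogon.log excerpt, shaped like the FIND output in the post above.
$sampleLog = @'
Cannot find pre.
Warning 2: The system cannot find the file specified.
Cannot find JohnDough.
'@ -split '\r?\n'

# Constructed GptTmpl.inf excerpt (SIDs are made up).
$sampleInf = @'
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,pre
[Group Membership]
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512,JohnDough
'@ -split '\r?\n'

$accounts = Get-UnresolvedAccount -LogLines $sampleLog
Find-GpoReference -GpoName 'Constructed GPO' -InfLines $sampleInf -Account $accounts |
    Select-Object Gpo, Section, Setting, Account
```

On a domain controller, feed the first function with Get-Content "$env:SystemRoot\Security\Logs\winlogon.log" and the second with each GptTmpl.inf found under \\<domain>\SYSVOL\<domain>\Policies\{GUID}\Machine\Microsoft\Windows NT\SecEdit\, where <domain> and {GUID} are placeholders.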

Hi,

Please also try running the following commands and check the result:

dcgpofix /ignoreschema
gpupdate

If it does not work, please also check the following Microsoft KB articles:

SceCli 1202 events are logged every time Computer Group Policy settings are refreshed on a computer that is running Windows Server 2008 or Windows Vista
http://support.microsoft.com/kb/975566

Event ID: 1202 occurs when you use Group Policy that defines restricted groups on a computer that is running Microsoft Windows Server 2003
http://support.microsoft.com/kb/927061

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 5th, 2011 4:18am

Dear Arthur, I have run dcgpofix /ignoreschema, but this command restores the default domain controller policy; that's why I didn't continue with this. Can you please confirm what the effect will be if I run this?
April 8th, 2011 2:24am

Hi,

By specifying the /ignoreschema parameter, you can enable Dcgpofix.exe to work with different versions of Active Directory. However, default Group Policy objects might not be restored to their original state. To ensure compatibility, use the version of Dcgpofix.exe that is installed with the current operating system.

For detailed information, please refer to the following Microsoft TechNet article:

Dcgpofix
http://technet.microsoft.com/en-us/library/cc772811(d=lightweight,v=WS.10).aspx

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 13th, 2011 12:46am

This topic is archived. No further replies will be accepted.