I am attempting to run some powershell scripts that update membership of groups based on role attribute on users, then also grabs members of some groups and updates other groups with these members.

I've delegated access through "security" to give this service account write:member and write:memberof for the Groups OU and write:memberof for the OUs containing the user accounts.

I've updated my Default Domain Policy to give this service account Log On As Batch Job permissions.

The scheduled task is running from a Domain Controller.

When I attempt to run the task as the service account I receive the following:

Task Scheduler failed to start "\SITE Role Membership" task for user "DOMAIN\GroupScripts$". Additional Data: Error Value: 2147943785.

What am I missing here?

Hi Allister,

Please follow these steps t troubleshoot:

Type "gpedit.msc", try to configure the following policy:
 [Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment]
1.  Log on as a batch job.
2.  Allow log on locally.

Add the service sccount domain\username to these two policies.

Refer to:

Task Scheduler failed to start - Additional Data: Error Value: 2147943785

If there is anything else regarding this issue, please feel free to post back.

Best Regards,

Anna Wang

• Edited by AnnaWYMicrosoft contingent staff, Moderator Friday, October 31, 2014 8:04 AM
• Proposed as answer by Richard MuellerMVP Friday, October 31, 2014 8:07 AM
• Unproposed as answer by Allister Wade 2 Thursday, November 06, 2014 4:40 AM

Hi Anna

Added the service account to "Allow log on locally" and updated group policy. Confirmed on another non Server Core DC received the change.

Tried again and same result.

Hi

I have a similar problem.
I made the service account member of the builtin\administrators so it should have all rights on DC's, but I am still getting the 2147943785 error.

Any ideas?