question

MohammedArifuddin-5370 avatar image
0 Votes"
MohammedArifuddin-5370 asked FanFan-MSFT commented

Cannot add buitin groups in the properties of a user in Active Directory

Hello Folks,

Cannot add buitin groups in the properties of a user in Active Directory

Example : I have user abc in xyz domain, I want to add the user as member of Builtin/Administrators and Builtin/Remote desktop users but i cannot add it.

Need your suggestion.

Regards,

Arif25971-sysadm1.jpg


windows-active-directorywindows-server-2012
sysadm1.jpg (59.4 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Which user do you use to perform this operation?
When you said cannot add buitin groups, would you please show the error messages ?
Or you mean you can add the group ,but after sometime ,the membership would be changed?
Best Regards,

0 Votes 0 ·

Hi,
Which user do you use to perform this operation?
Domain Admin and Enterprise Admin

When you said cannot add buitin groups, would you please show the error messages ?
Buitlingroups are added and after sometime its gets removed automatically ( No error )

Or you mean you can add the group ,but after sometime ,the membership would be changed?

Yes you are right !!

Regards,
Arif

0 Votes 0 ·
Thameur-BOURBITA avatar image
0 Votes"
Thameur-BOURBITA answered MohammedArifuddin-5370 commented

Hi,

It seems that you have permission to edit this group.

You have to use a domain admin account.

Please don't forget to mark this reply as answer if it help you to fix your issue

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HI,

I am doing the changes with domain admin.

Regards,
Arif

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT converted comment to answer

Hi,
It seems like effected by the group policy "Restricted Groups" .
I did a test in my lab, if i deploy a restricted Groups for the administrator groups , it will be the same result as you.
26383-9222.jpg

Result :we can add members in the administrators group ,but once the group policy was refreshed, the members added manually will be lost.

At this situation , we can only add the users by group policy you configured before.
The policy was deployed under Computer Configuration” > “Policies” > “Windows Settings” > “Security Settings”. Click on “Restricted Groups.

I would suggest you run a gpresult /h report.html and confirm where did the policy was configured and then through the GPO ,put the user into the administrators group and RDP user groups.

Best Regards,



9222.jpg (57.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you so much for your suggestion but unfortunately i don't have user or group in the restricted groups.

Regards,
Arif

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT commented

Hi,
Would you lease run the cmd as administrator and type command :gpresult /h report.html on the DC and check the following settings:
26567-9235.jpg
If possible please share a screenshot .(Please hide the private information)
Best Regards,



image.png (127.6 KiB)
9235.jpg (126.6 KiB)
· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

I don't have restricted group policy configured in my group policies.

I tried to move that users to another OU ( Test RDP ) and Blocked the inheritance for that OU but still no luck.

I have veeam backup in my environment and tried comparing the attributes of that user.

Regards,
Arif

0 Votes 0 ·
FanFan-MSFT avatar image FanFan-MSFT MohammedArifuddin-5370 ·

Hi,
Was the issue for just one users or for all the users?
How about add the users from other DCs?
Fan

0 Votes 0 ·

Hi,

This issue for single user only.

For other users and new users its working fine.

Regards,
Arif

0 Votes 0 ·
Show more comments