Home
  •  

An account cannot be added to the group

An_account_cannot_be_added_to_the_group_5_Rule (Rule)

Knowledge Base article:

Summary

The Security Accounts Manager (SAM) database was not able to add the account that was named in the Event Viewer event text to the specified group. Make a note of the account name or security identifier (SID) as well as the group to which the account should be added. Restart the computer when you are prompted. After the computer restarts, add the account to the appropriate group. Perform the following procedure using a domain member computer with the domain administrative tools installed.

Resolutions

Verify that the account has rights to manage the security group

External

Element properties:

TargetMicrosoft.Windows.Server.2012.R2.AD.DomainControllerRole
CategoryEventCollection
EnabledTrue
Event SourceMicrosoft-Windows-Directory-Services-SAM
Alert GenerateFalse
RemotableTrue
Event LogSystem
CommentMom2005ID='{FD0B7273-C0CB-49AB-A014-DC2C1B0FAF52}';MOM2005GroupID=

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default

Source Code:

<Rule ID="An_account_cannot_be_added_to_the_group_5_Rule" Comment="Mom2005ID='{FD0B7273-C0CB-49AB-A014-DC2C1B0FAF52}';MOM2005GroupID=" Enabled="true" Target="AD2012R2Core!Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>System</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Microsoft-Windows-Directory-Services-SAM</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>MatchesMOM2005BooleanRegularExpression</Operator>

              <Pattern>^(16392|16394)$</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>