Event ID 16402 — Group Membership

Updated: November 25, 2009

Applies To: Windows Server 2008 R2

red

When a computer is promoted to become a domain controller, the promotion process adds all Security Accounts Manager (SAM) database accounts to the appropriate security groups in the Active Directory Domain Services (AD DS) database.

Event Details

Product: Windows Operating System
ID: 16402
Source: SAM
Version: 6.0
Symbolic Name: SAMMSG_MEMBERSHIP_SETUP_ERROR
Message: An error occurred when trying to add the account %1 to the group %2. The problem, "%3", occurred when trying to add the account to the group. Please add the account manually.

Resolve

Add the account to the group

The Security Accounts Manager (SAM) database was not able to add the account that was named in the Event Viewer event text to the specified group. Make a note of the account name or security identifier (SID) as well as the group to which the account should be added. Restart the computer when you are prompted. After the computer restarts, add the account to the appropriate group. Perform the following procedure using a domain member computer with the domain administrative tools installed.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To locate an account and add it to the appropriate group:

  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the console tree, right-click the object that represents your domain, and then click Find. The Find Users, Contacts, and Groups dialog box opens.
  3. In Name, type the name of the account that is specified in the event text, and then click Find Now.
  4. Locate the account in Search results, right-click the account, and then click Properties.
  5. On the Member Of tab, click Add. The Select Groups dialog box appears.
  6. In Enter the object names to select, type the name of the group to which the account should be added, and then click OK.
  7. In the properties dialog box for the account, click OK.

Verify

Verify that group memberships in Active Directory Domain Services (AD DS) appear to be accurate. Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To verify group memberships in AD DS:

  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Right-click the object that represents your domain, and then click Find.
  3. In Name, type the name of the group for which you want to verify membership.
  4. Click Find Now.
  5. In Search results, right-click the appropriate group name, and then click Properties.
  6. On the Members tab, confirm that the Members list is accurate.

Related Management Information

Group Membership

Active Directory

Community Additions

ADD
Show: