I ran into this a few weeks ago when applying permissions to terminal server protocol connections. Found that the problem was the DC's in the domain had a corrupted AD replica on it and some of the DC's in the site weren't replicating correctly, so when the terminal server booted and if the DC it connected to to join the machine to the domain happened to be the one which had the corrupted replica on it it would thrown up the GUID of the user account instead. Ended up running the MPS reporting tools (which have DCDiag, Netdiag amongst a pile of other useful reporting tools) for AD and found some weird issues with the replication and fixed that. Rebooted the DC's and hey presto problem went away. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz <http://www.computerland.co.nz/> CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. _____ From: Jennifer Hooper [mailto:jennifer.hooper@xxxxxxxxxxxxx] Sent: Friday, 16 July 2004 10:13 a.m. To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Weird 2003 Server issue Hey Guys! We're experiencing a very weird Windows 2003 Server problem here. We have an IBM HS40 BladeCenter that we just built brand new Windows 2003 Server images on them. When we try to add a group from the domain the local admin group, when we hit apply, it wipes out the group name and replaces it with a SID, and anyone in that group can't log in. They get a message that the domain controller is down or can't be contacted. The DC's are 2003 Server as well. We even rebuilt one of the boxes from scratch. Also this is a separate domain from our primary domain, set up for a lab environment. Has anyone seen this and/or know what's going on?? Thanks!! Jennifer Jennifer Hooper Peregrine Systems, Inc. Sr. Network Engineer mailto:jennifer.hooper@xxxxxxxxxxxxx