This article discusses how some security identifiers (SIDs) for well-known built-in groups are unresolved when you modify the user rights assignment in the Default Domain Controllers Group Policy object.
The preceding behavior is expected if the built-in group does not exist on the computer where the Group Policy snap-in is run.
As an example, the following SIDs can be unresolved when you modify Domain Group Policy from a Microsoft Windows 2000 Professional-based workstation because these built-in groups do not exist locally:
Builtin\Account Operators S-1-5-32-548
Builtin\Server Operators S-1-5-32-549
Builtin\Print Operators S-1-5-32-550
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Well Known Security Identifiers in Windows Server Operating Systems