Note : Old Post – Republished
We have encountered a strange issue recently and I have to say that MS is not documenting this feature very well.
In the Event Viewer (Application log), you have an error with ID 1053 and a description similar to “Windows Cannot determine the user or computer name access is denied. Group policy aborted”.
When you run the Resultant Set of Policy, you have a red cross in the report and an error similar to the following in the Component Status section:
Group Policy Infrastructure failed due to the error listed below. (…) Access Denied … policy aborted
When you run DCDiag, you receive a warning that the userAccountControl attribute value is 0x82020 instead of 0x82000.
A default value exists for the userAccountControl attribute (see http://support.microsoft.com/kb/305144).
If a machine cannot process the GPO, it’s possible that the userAccountControl flag value has been changed and you need to reset it to the default value.
To reset it, open Adsiedit.msc, go to the Domain node and locate the DC that has the problem. Right-click the DC object and, in the attributes tab, locate the userAccountControl attribute. The default value should be set to 532480 (the decimal form of 0x82000).
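To see which bit separates the value in the DCDiag warning from the default before changing anything, the following added example (not part of the original post) decodes userAccountControl against the flag table in KB305144 and lists the bits that differ from 0x82000. The function names and the 'DC01' placeholder are assumptions made for illustration.

```powershell
# userAccountControl flag names and values as listed in Microsoft KB305144.
$UacFlags = [ordered]@{
    SCRIPT = 0x1;                          ACCOUNTDISABLE = 0x2
    HOMEDIR_REQUIRED = 0x8;                LOCKOUT = 0x10
    PASSWD_NOTREQD = 0x20;                 PASSWD_CANT_CHANGE = 0x40
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x80;     TEMP_DUPLICATE_ACCOUNT = 0x100
    NORMAL_ACCOUNT = 0x200;                INTERDOMAIN_TRUST_ACCOUNT = 0x800
    WORKSTATION_TRUST_ACCOUNT = 0x1000;    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000;        MNS_LOGON_ACCOUNT = 0x20000
    SMARTCARD_REQUIRED = 0x40000;          TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED = 0x100000;              USE_DES_KEY_ONLY = 0x200000
    DONT_REQ_PREAUTH = 0x400000;           PASSWORD_EXPIRED = 0x800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    PARTIAL_SECRETS_ACCOUNT = 0x4000000
}

# Hypothetical helper: names every bit set in $Value.
# Bits that are not in the KB305144 table are reported as UNKNOWN_0x...
function Get-UacFlagName {
    param([int]$Value)
    $names = [System.Collections.Generic.List[string]]::new()
    $known = 0
    foreach ($flag in $UacFlags.GetEnumerator()) {
        $known = $known -bor $flag.Value
        if ($Value -band $flag.Value) { $names.Add($flag.Key) }
    }
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { $names.Add(('UNKNOWN_0x{0:X}' -f $unknown)) }
    $names
}

# Hypothetical helper: diffs an observed value against the DC default (0x82000 = 532480).
function Compare-UacToDefault {
    param([int]$Observed, [int]$Expected = 0x82000)
    [pscustomobject]@{
        Observed        = '0x{0:X} ({0})' -f $Observed
        Expected        = '0x{0:X} ({0})' -f $Expected
        ExpectedFlags   = @(Get-UacFlagName -Value $Expected)
        UnexpectedFlags = @(Get-UacFlagName -Value ($Observed -band (-bnot $Expected)))
        MissingFlags    = @(Get-UacFlagName -Value ($Expected -band (-bnot $Observed)))
    }
}

# 0x82020 is the value from the DCDiag warning above. With the ActiveDirectory module,
# a live value could be read instead ('DC01' is a placeholder name):
#   (Get-ADComputer -Identity 'DC01' -Properties userAccountControl).userAccountControl
Compare-UacToDefault -Observed 0x82020 | Format-List
```

For the value in the warning, the only bit outside the default is 0x20, which KB305144 names PASSWD_NOTREQD.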
In some other blogs, I was reading that pre-creating accounts in your AD could change the value of this attribute.
I think that this post might be useful because I’ve seen a lot of people having a “similar” problem. Maybe this trick will solve their problems. Who knows.
Till next time