(imported topic written by SystemAdmin)
I’ve stumbled upon an issue I cannot figure out, and was hoping someone could shed some light, or at least suggest some additional troubleshooting steps. I’ve isolated the issue as best I could, and made it apparent via a series of questions in the QNA. This same issue is affecting other domain id’s as well, such as Enterprise Admins, Schema Admins, etc. Please let me know if you have any ideas on how I can get it to pull the effective permissions for these groups.
q: (it as string, product type of it = nt domain controller product type, x64 of it) of operating system
A: Win2008 6.0.6001, True, False
q: dacl of security descriptor of file “c:\test\test4.txt”
A: D:AI(A;;FA;;;LA)(A;;0x1200a9;;;DA)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)
q: effective access mode for “Domain Admins” of dacl of security descriptor of file “c:\test\test4.txt”
E: Singular expression refers to nonexistent object.
q: exists local group “Domain Admins”
E: The expression could not be evaluated: Windows Error: The specified local group does not exist.
q: exists local group whose (name of it = “Domain Admins”)
A: False
q: exists security account “Domain Admins”
A: True
q: sid of security account “Domain Admins”
A: TESTLAB\Domain Admins