Cannot Delete Cloned User Accounts that Include Security Identifier History from Local Groups

When you use a tool, such as, the Active Directory Migration Tool (ADMT), to migrate user accounts from a Microsoft Windows NT 4.0 domain to a Microsoft Windows 2000-based system, and then you add these users to a Local group, the accounts cannot be deleted. The following error message is displayed:

Please see the resolution section of the following article in the Microsoft Knowledge Base:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, you can use any of the following three methods to delete the users from the Local groups:

1. Use the net command with the following syntax:
   
   net localgroup "localgroupname" "NT4Domain\Username" /delete
2. Use the Usmgr.exe program for domains. To use this method, navigate to the following registry key:
   HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current Version\Network\User Manager For Domains
   Enter the following values:
   
   Key Type = REG_SZ
   
   Key Name = AllowNT5Admin
   
   Value = 1
3. Disconnect the computer from the network, and then go into Computer Management and delete the user account from the Local group.