You cannot delete a group in a Windows Server 2003-based domain

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
You cannot delete a group in a Windows Server 2003-based domain.
CAUSE
This problem occurs because there is a conflict between objects that have the same objectSID value. Specifically, a Foreign Security Principal (FSP) object has a name that conflicts with another FSP object. When this problem occurs, the FSP code lets you manipulate only the older FSP object.
RESOLUTION
To resolve the problem, follow these steps:
  1. Use the LDP utility to rename the older object so that it has a new security identifier (SID).
  2. Delete the other conflicting object.
  3. Delete the original object that you renamed in step 1.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Properties

Article ID: 948602 - Last Review: 01/15/2015 01:33:32 - Revision: 1.0

  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • kbnosurvey kbarchive kbexpertiseinter kbtshoot kbprb KB948602
Feedback