Resolution
fact
Directory and Resource Administrator 6.30 SP1
symptom
Error: 'Could not get admin group for domain' When Attempting to Add a User Account to a Group
symptom
When attempting to modify group membership on a Windows NT domain, the following failure audit is written to the Application event log on the Directory and Resource Administrator server:
Event Type: Failure Audit
Event Source: MCSAdminSvc
Event Category: MemberAdd
Event ID: 16004
Description:
Target:OnePoint://CN=group_name,DC=domain_name ObjectType:Group Operands:OnePoint://CN=userid,DC=domain_name Action:MemberAdd ReturnCode:0xc0044647:Could not get admin group for domain
The following error message is displayed in the Directory and Resource Administrator MMC interface:
The Administration server could not add domain_name\userid to the group_name group.
Unable to perform this operation because of company policy.
Could not get admin group for domain.
cause
The above error messages occur when attempting to modify group membership in a Windows NT domain containing more than 1,000 local groups. This issue is more likely to occur when adding a user account to a group.
fix
The above described issue was addressed with the release of Hotfix Q12100 for Directory and Resource Administrator (DRA) 6.30 SP1 and is included in all subsequent releases.
Download the latest version of DRA:
Download: Directory and Resource Administrator (requires a password)
To obtain Hotfix Q12100 for DRA 6.30 SP1 please contact NetIQ Technical Support.