I cannot log on with a Windows-linked group account

Possible cause and solution:
  • The log on did not include the full user name credential.
    Try logging on again, making sure to include the domain name with the user name, like this:
    MyDomain\MyAccountName
    .
  • The number of failed log on attempts exceeded the
    Windows
     security policy and the
    Windows
     account is temporarily locked.
    Wait for the lock to expire (typically about 15 minutes), or contact your
    Windows
     administrator to enable the account.
  • (For systems using
    Windows Server
     Active Directory Domain Services) There might be authentication problems with
    Windows
     groups that have the Domain Local group scope.
    Windows
    -linked groups that reference accounts that are members of
    Windows
     groups with Domain Local scope can fail authentication and authorization checks.
    To solve this problem, either:
    • Add a
      Windows
      -linked group that references a
      Windows
       group with Global scope rather than Domain Local scope. Delete the
      Windows
      -linked group that references the group that is restricted to Domain Local scope.
    • Add individual
      Windows
      -linked accounts explicitly instead of using the
      Windows
      -linked group, and then delete the
      Windows
      -linked group that references the group that is restricted to Domain Local scope. If you prefer to manage these accounts in a group, create a
      FactoryTalk
       user group and add the
      Windows
      -linked accounts as members of that group.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal