The account %1 from domain %2 is attempting to use S4USelf for the target client %3, but is not allowed to perform group ...

The account %1 from domain %2 is attempting to use S4USelf for the target client %3,   but is not allowed to perform group expansion on this client's user object.    It may be necessary to adjust the ACL on the TokenGroupsGlobalAndUniversal  attribute on the target client's user object to allow S4USelf to function correctly.    This can also be accomplished by adding %1 to the Windows Authorization Access Group.
English
English (United States)
日本語
Japanese