0X00000563

Fix ERROR_ALIAS_EXISTS (0X00000563) – Local Group Already Exists

Windows Errors Intermediate 👁 1 views 📅 May 26, 2026

You tried to create or rename a local group in Windows, but one with that name already exists. Here's how to find and clear the conflict.

This error is maddening, but fixable in two minutes.

You're trying to create or rename a local group—maybe for file sharing or a dev environment—and Windows throws ERROR_ALIAS_EXISTS (0X00000563). The message says the group already exists, but you can't see it in lusrmgr.msc. What gives?

The quick fix (direct approach)

  1. Open Command Prompt as Administrator.
  2. Run: 
    net localgroup
    and look for the group you're trying to create. It'll be there even if the GUI hides it.
  3. If it shows up, delete it: 
    net localgroup "GroupName" /delete
  4. Now create your group fresh: 
    net localgroup "GroupName" /add

That works 90% of the time. The reason: net localgroup sees the real SAM database, while lusrmgr.msc sometimes hides groups created by domain policies or leftover SID references.

Why this happens

Windows stores local groups in the Security Account Manager (SAM) registry hive. When a group is created, it gets a relative identifier (RID) and an entry. The error pops up when the name matches an existing entry—even if that entry is orphaned or hidden.

Common triggers:

  • You demoted a domain controller but left behind AD-migrated groups.
  • A previous group rename left a stale entry in the SAM.
  • Third-party software (VPN clients, backup tools) created a group that doesn't appear in the GUI.

Less common variations

1. The group is a built-in alias

Some names like "Administrators" or "Guests" are protected. You can't create a second group with those names—the error is telling you that. Use a different name.

2. SID conflict (rare but real)

If the group shows in net localgroup but refuses to delete with access denied, the SID might be tied to a domain trust that's broken. Check the group's SID:

wmic group where name='GroupName' get sid

If the SID starts with S-1-5-21 (domain SID) instead of S-1-5-32 (built-in), you've got a leftover from an old domain join. Remove it with PowerShell:

Remove-LocalGroup -SID "S-1-5-21-..."

3. Case sensitivity lies

Windows local group names are case-insensitive, but net localgroup treats MyGroup and mygroup as the same. If you're scripting, make sure you're not accidentally trying to create the same name with different casing.

Prevention

  • Before creating a local group in a script, always check with net localgroup | findstr /i "GroupName" and skip creation if it exists.
  • When demoting a domain controller, run net localgroup and manually remove any groups that migrated from AD. They have no use on a workgroup machine.
  • Avoid creating groups with names that match built-in aliases (Administrators, Users, Guests, Backup Operators). You'll just confuse yourself later.

That's it. The error is almost never a real conflict—it's a ghost in the SAM. Kill the ghost, move on.

Was this solution helpful?

ERROR_ALIAS_EXISTS 0X00000563 local group already exists Windows duplicate local group net localgroup error group already exists rename local group fails Windows group conflict SMB alias exists leftover AD group