Fix ERROR_MEMBER_IN_ALIAS 0X00000562 in Windows Groups
This error means you're trying to add someone to a group they're already in. Here's why it happens and how to fix it.
You're working through a ticket, adding a user to a security group in Active Directory Users and Computers, or maybe using net localgroup in a batch script. Everything looks right, but when you hit OK or press Enter, you get this error: ERROR_MEMBER_IN_ALIAS (0X00000562). The full message says something like "The specified account name is already a member of the group."
This happens most often when you're automating group membership with PowerShell or a deployment script, and you try to add a user that's already in the group. But it also shows up in the GUI if the user is a member through a nested group, or if you're looking at stale cached data.
What Actually Causes This Error
The error code 0X00000562 (decimal 1378) is Windows telling you: "I can't add this account because it's already there." This sounds simple, but there are a few ways you can hit it:
- The account is a direct member of the group. You just didn't notice.
- The account is a member through a nested group. For example, User A is in Group B, and Group B is in Group C. User A is effectively in Group C, but you can't add User A directly to Group C because Windows sees them as already present.
- The account was added via a Group Policy restricted group. The membership is enforced, and you can't modify it manually.
- You're using an outdated view in the ADUC console. Hit F5 to refresh and see the real membership list.
The root cause is almost always that the user is already a member, either directly or indirectly. Trying to add them again is a no-op, but Windows throws this error instead of silently skipping it. Annoying, but it protects against duplicate entries.
How to Fix It
Here's the step-by-step fix. I've done this dozens of times. It works.
- Check if the account is already a member. Open Active Directory Users and Computers (dsa.msc) on a domain controller, or run this command in an elevated PowerShell prompt:
    Get-ADGroupMember -Identity "YourGroupName" | Select-Object Name, SamAccountName
  Look for the SamAccountName of the user you're trying to add. If they show up here, they're a direct member.
- If you don't see them, check for nested group membership. The user might be in another group that's in this group. Run this to see all members recursively:
    Get-ADGroupMember -Identity "YourGroupName" -Recursive | Select-Object Name, SamAccountName, ObjectClass
  If the user appears in that list, they're a member through a nested group. You can't add them directly. You'd need to remove the nested group if you want the user to be a direct member instead.
- Check Group Policy restricted groups. If this group is managed by a GPO (look in Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups), you can't modify membership manually. The GPO overwrites any changes you make. The fix is to edit the GPO or remove the group from the restricted groups list.
- Remove the user from the group if you need to re-add them. If the user is a direct member but you still want to re-add them for some reason, remove them first:
    Remove-ADGroupMember -Identity "YourGroupName" -Members "UserSamAccountName" -Confirm:$false
  Then add them back:
    Add-ADGroupMember -Identity "YourGroupName" -Members "UserSamAccountName"
  That should work. If it still throws the error, the user is probably in the group through a nested path you missed.
- If you're using net localgroup on a local machine, run net localgroup "GroupName" to list all members. If you see the user there, you don't need to add them again. If you're scripting and want to avoid the error, use PowerShell's Add-LocalGroupMember cmdlet with a check first:
    $user = 'DOMAIN\UserName'
    $group = 'Administrators'
    $members = Get-LocalGroupMember -Group $group | Select-Object -ExpandProperty Name
    if ($members -notcontains $user) {
        Add-LocalGroupMember -Group $group -Member $user
    } else {
        Write-Host "User already in group, skipping."
    }
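As an added example (not code from this article), here is the domain-side version of that check-first pattern, rolling the first, second and fourth steps above into one idempotent function. It reports whether the user is already a direct member, traces the chain of nested groups the user arrives through so you know which group to look at, and only then attempts the add, treating a late 1378 as a warning rather than a script failure. It assumes the RSAT ActiveDirectory module is installed and that the account running it can read and modify the group; the group and user names, and the assumption that the ADException exposes the Win32 code in ErrorCode, are mine.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module (RSAT) and rights to read/modify the group. Names are placeholders.
Import-Module ActiveDirectory

function Get-NestedMembershipPath {
    # Breadth-first walk up the membership graph from $User; returns the
    # shortest chain of DNs (user -> group -> ... -> $Group), or nothing if
    # the user is not inside $Group at all.
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Group
    )
    $targetDn = (Get-ADGroup -Identity $Group).DistinguishedName
    $userDn   = (Get-ADUser  -Identity $User).DistinguishedName
    $queue    = New-Object System.Collections.Queue
    $queue.Enqueue(@($userDn))
    $seen     = @{}          # DN -> visited; guards against circular nesting
    while ($queue.Count -gt 0) {
        $path    = $queue.Dequeue()
        $current = $path[-1]
        foreach ($g in (Get-ADPrincipalGroupMembership -Identity $current)) {
            if ($seen.ContainsKey($g.DistinguishedName)) { continue }
            $seen[$g.DistinguishedName] = $true
            $newPath = $path + $g.DistinguishedName
            if ($g.DistinguishedName -eq $targetDn) { return $newPath }
            $queue.Enqueue($newPath)
        }
    }
    return @()
}

function Add-ADGroupMemberSafe {
    # Idempotent add: skip if already a direct member, explain a nested path,
    # and downgrade a 1378 that still gets through into a warning.
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Group
    )
    # Note: Get-ADGroupMember is capped by the ADWS MaxGroupOrMemberEntries
    # limit (5000 by default); for very large groups query the member
    # attribute directly instead.
    $direct = Get-ADGroupMember -Identity $Group |
              Where-Object { $_.SamAccountName -eq $User }
    if ($direct) {
        Write-Output "$User is already a direct member of $Group; nothing to do."
        return 'AlreadyDirect'
    }
    $chain = Get-NestedMembershipPath -User $User -Group $Group
    if ($chain.Count -gt 0) {
        # Step 2 of the article: this is the group to look at or restructure.
        Write-Output ("$User reaches $Group via: " + ($chain -join ' -> '))
    }
    try {
        Add-ADGroupMember -Identity $Group -Members $User -ErrorAction Stop
        Write-Output "Added $User to $Group."
        return 'Added'
    } catch {
        # ErrorCode check assumes the ADException carries the Win32 code;
        # the message match is an English-only fallback.
        if ($_.Exception.ErrorCode -eq 1378 -or
            $_.Exception.Message -match 'already a member') {
            Write-Warning "Stale view or race: $User already in $Group on this DC."
            return 'AlreadyMember'
        }
        throw
    }
}

# Usage (placeholders):
# Add-ADGroupMemberSafe -User 'jdoe' -Group 'FileShare-Finance-RW'
```

The return value lets a deployment script distinguish "did the work" from "nothing to do" without parsing output, and the warning path is what keeps a replication-lagged DC from aborting a whole batch run.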
What to Check If It Still Fails
If you've done all that and still get the error, here are three things to check:
- Replication lag. If you're on a domain controller that hasn't replicated, the membership change you made (like removing the user) might not be visible yet. Wait a few minutes or force replication with repadmin /syncall.
- Conflicting group scopes. If you're trying to add a global group to a domain local group, and the user is a member of the global group, the user is already effectively a member. Windows sees this and blocks the duplicate. Consider restructuring your groups.
- Corrupt group object. In rare cases, the group object in Active Directory gets corrupted. Try deleting and recreating the group. Make sure you back up the existing membership list first.
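"Back up the existing membership list first" deserves something better than a screenshot. This added example (not from the article) exports the group's scope, category and direct members to a CSV and restores them into a freshly created group, skipping any member that already made it in if the restore is re-run. It assumes the ActiveDirectory module; the CSV path and target OU are placeholders.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module and rights to create the group. Paths and OU are placeholders.
Import-Module ActiveDirectory

function Backup-ADGroupMembership {
    # Write one CSV row per direct member, carrying the group's scope and
    # category so the group can be recreated with the same settings.
    # Direct members only: nested groups are restored as members themselves.
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Path
    )
    $g = Get-ADGroup -Identity $Group
    Get-ADGroupMember -Identity $Group |
        Select-Object @{n='Group';         e={ $g.Name }},
                      @{n='GroupScope';    e={ $g.GroupScope }},
                      @{n='GroupCategory'; e={ $g.GroupCategory }},
                      @{n='MemberDN';      e={ $_.DistinguishedName }},
                      @{n='MemberClass';   e={ $_.objectClass }} |
        Export-Csv -Path $Path -NoTypeInformation
    return $Path
}

function Restore-ADGroupMembership {
    # Recreate the group (if absent) from the first row's attributes, then
    # re-add every member. A 1378 on a member means it is already back
    # (e.g. the script was re-run), so it is logged and skipped.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $TargetOU
    )
    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { throw "Backup at $Path contains no members." }
    $name = $rows[0].Group
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name `
                    -GroupScope $rows[0].GroupScope `
                    -GroupCategory $rows[0].GroupCategory `
                    -Path $TargetOU
    }
    $added = 0
    foreach ($r in $rows) {
        try {
            Add-ADGroupMember -Identity $name -Members $r.MemberDN -ErrorAction Stop
            $added++
        } catch {
            Write-Warning "Skipping $($r.MemberDN): $($_.Exception.Message)"
        }
    }
    return $added
}

# Usage (placeholders):
# Backup-ADGroupMembership  -Group 'FileShare-Finance-RW' -Path 'C:\backup\finance-rw.csv'
# Remove-ADGroup -Identity 'FileShare-Finance-RW' -Confirm:$false
# Restore-ADGroupMembership -Path 'C:\backup\finance-rw.csv' -TargetOU 'OU=Groups,DC=example,DC=com'
```

Keep in mind that a recreated group gets a new SID, so any ACL that referenced the old group by SID will not follow it; the CSV restores who is in the group, not where the group is granted rights.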
That's it. The error is Windows being strict about not allowing duplicates. Most of the time, the fix is just realizing the user is already there and moving on. But when it's a nested group or GPO issue, these steps will get you sorted.