Unable to add domain users to local groups

J

James Yang

I am trying to add a domain account to the local
Administrators group on a Windows XP Pro workstation. My
network is Windows 2000 / Active Directory.

On a the workstation:

Administrative Tools > Computer Management > Local Users
and Groups > Groups

I open the Administrator group, then press "Add..." The
only thing in the "From this location" box is the local
machine I'm working on, so I press the "Locations"
button. In the resulting window, there is no other
option to select from. The only icon in that window is
the local machine.

Consequently, I cannot add a domain account to the local
Administrators group.

Notes:

-- The computer has been added to the domain. Active
directory is completely aware of the machine and it
functions normally in the domain aside from this issue.

-- Domain admins are administrators on this computer, so
I know the computer knows what the domain is and can
authenticate against it.

-- When I open the Administrators group and it displays
the members of that group, there are two icons. One is
the standard User icon for the local Admininstrator
account. The other is the same icon with a question mark
in front of it and a name like: "S-1-5-21-1615..." etc.
(it's quite long). I'm assuming this second icon is for
the Domain Admin group.
 
C

Cary Shultz [A.D. MVP]

James,

While this might avoid answering your question, have you tried going through
the Control Panel? I have always done it that way and have never tried it
the way that you have tried. That is not to say that your way would not
work....

Is your DNS information correct ( in the TCP/IP Configuration Settings )?

HTH,

Cary
 
G

Guest

Thank you for your help. It is DNS issue. In DHCP
server on only DNS ip addresses for internet name
resolution were on the list. So I add internal network
DNS ip address to the list. Everything works fine now.

James
 
C

Cary Shultz [A.D. MVP]

James,

Glad that everything is working. However, there is still cause for concern
for me. Not only did you need to add your internal DNS Server IP Address
information ( in Option 006 in DHCP ) but you needed to remove any mention
of your ISP's DNS Server(s).....

The only place that this information should be found is in the Forwarders
tab in your DNS MMC!

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Unable to add domain users to the local group 2
cannot add local user to local group 6
Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
Removing domain local groups from Wind XP local administrators gro 3
Multiple Access Denied 11
Add additional groups to local Administrators group on Workstation when it joins the domain 3
Privelages for Local Security Group Management 2
Problem with restricted groups 3

Top