hidden hit counter
Help!

Unable to add domain account to local Administrator group

 
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Active Directory RSS
Next:  Control Panel - help 17  
Author Message
roydragon



Joined: Dec 07, 2005
Posts: 4



PostPosted: Wed Dec 07, 2005 10:23 am    Post subject: Unable to add domain account to local Administrator group

I am trying to add a domain account to the local Administrators group on a Windows XP Pro workstation. My network is Windows 2000 / Active Directory.

On a the workstation:

Administrative Tools > Computer Management > Local Users and Groups > Groups

I open the Administrator group, then press "Add..." The only thing in the "From this location" box is the local machine I'm working on, so I press the "Locations" button. In the resulting window, there is no other option to select from. The only icon in that window is the local machine.

Consequently, I cannot add a domain account to the local Administrators group.

Notes:

-- The computer has been added to the domain. Active directory is completely aware of the machine and it functions normally in the domain aside from this issue.

-- Domain admins are administrators on this computer, so I know the computer knows what the domain is and can authenticate against it.

-- When I open the Administrators group and it displays the members of that group, there are two icons. One is the standard User icon for the local Admininstrator account. The other is the same icon with a question mark in front of it and a name like: "S-1-5-21-1615..." etc. (it's quite long). I'm assuming this second icon is for the Domain Admin group.
Back to top
Sparda



Joined: Jun 27, 2005
Posts: 2062



PostPosted: Wed Dec 07, 2005 10:36 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

Are you able to set local administrators on other domain computers? I'm not sure, but i think this cannot be done, at least not do though the a mmc, might be doable through registary.
Back to top
roydragon



Joined: Dec 07, 2005
Posts: 4



PostPosted: Thu Dec 08, 2005 2:19 am    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

I do the same action , to use the other Windows 2000 server join the domain, and add windows 2000 server to add domain user to local admin group, it is success.

Do window xp / window 2003 server diff behavior for adding domain user to their local account?
Back to top
Sparda



Joined: Jun 27, 2005
Posts: 2062



PostPosted: Thu Dec 08, 2005 7:29 am    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

Yes you can do that with computer, but how about other users on other computers, you say you carn't add a single user to the administrator group one one computer, but can you do it on other computers?
Back to top
roydragon



Joined: Dec 07, 2005
Posts: 4



PostPosted: Thu Dec 08, 2005 1:46 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

o..sorry, let me clarify

i have 3 computers, 1 with Active directory (win 2k server)
and 2 other is windows 2003 server and 3 win 2k server (no AD)

2 and 3 can join the domain succefully
now add a domain uer define in 1 to local admin group of 2 and 3.
The action success in 3 win 2k server, but fail in 2 window 2003 server.

windows 2003 server when add domain user to local admin group, it cannot show the list of domain user..
Back to top
Sparda



Joined: Jun 27, 2005
Posts: 2062



PostPosted: Thu Dec 08, 2005 4:07 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

I see, why don't you just type the user's name in? (it should be typed in using the following sytax: <domain name>\<user name>, is if you have a user called fred, and the domain is called home, you would type home\fred)
Back to top
roydragon



Joined: Dec 07, 2005
Posts: 4



PostPosted: Fri Dec 09, 2005 1:27 am    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

I tried before using
myDomain\myUserName

it return Name not found.... Crying or Very sad
Back to top
JPennington



Joined: Dec 15, 2005
Posts: 1



PostPosted: Thu Dec 15, 2005 5:46 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

Start > run > Type "control userpasswords2"
Click Add
Put in the username and domain
Click Next
Select the "other" radio button
Select "Administrators" from drop down menu.
Finish.


Also, you can use the MMC console and add the Local Users and Groups snap-in for a little better control of local users.

Hopefully this helps.
Back to top
chucketn



Joined: Dec 22, 2005
Posts: 1



PostPosted: Thu Dec 22, 2005 1:44 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

I have the same problem on several XP Boxes. I can add domain account to local admin group by running Network Identification Wizzard and chosing to add the domain account as an administrator, but if I log on as local admin and try to add a domain account to local admin group, the only location shown is the local machine.
I did not set up the XP box, nor the domain server. Could it be a group policy?
I have fixed this problem before by removing the local machine from the domain and re-adding it, but that will not fix these...
Back to top




User: inactive
Posts:



PostPosted: Sat Jul 08, 2006 6:28 pm    Post subject: Re: Unable to add domain account to local Administrator grou [Login to view extended thread Info.]

If your getting "S-1-5-21-1615..." etc as you mentioned this usually means DNS is not functioning properly. Does your problem computer only look to your AD DNS server as it should? Your AD server should only look to itself for DNS and the DNS server on it should have your ISP's DNS server listed as forwarders.
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Active Directory All times are: Eastern Time (US & Canada)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum