Windows Server 2008 Adding Users to Group Problem

I will try it as the  actual administrator and see if it works any differently and I'll post back.  Thanks!

I logged in as Administrator but it still happens. It happens on all the groups I've tried so far.  I don't know how to check AD but if you can provide more direction, I'll give it a shot.

More details:

As soon as I click the add button, I get a dialog containing the following message:

Windows Security
Enter Network Password
Enter the name and password of an account with permissions for <name of domain is here>

So I enter my network credentials and it allows me to add the user.

I see now that if I login to the server with my domain account, it doesn't prompt me when I add a user. So this is a privilege that my domain account has but the local admin accounts do not.  All other admin accounts, including Administrator, prompt for my domain credentials as soon as I click the add button.  

If I was modifying a domain group, that would make sense to me.  They did give my domain account some special privilege so that I could join the server to the domain. But these are local groups defined on the server, not on the domain. And at the point I hit the Add button, I have not entered the user name yet and the prompt comes up right away, so it doesn't know at that point if I am adding a domain user or a local user.

So the upshot is that adding a local user to a local group requires a domain authentication? Does that make sense?

Thanks!

yes, that is right.  It turns out that I just have to cancel the dialog if I want to add a local user and it works.  I was making the bad assumption that it would not ask me to authenticate unless I really needed it.  It turns out it just asks me to authenticate in case I might need it.

Maybe I'm missing something, if you are managing a security group from outside the domain (logged on with local account) you will get prompted for authentication, the domain needs to know who is issuing that request.  Is there something that is preventing you from being logged on with a domain account?

Hi MrMagoo, I was thinking that if I am logged on with a local account and only adding a local user to a local group that the domain does not need to be involved. It turns out that is true, I can perform the task without authenticating to the domain. It's just that I have to cancel the unnecessary dialog box asking me to authenticate to the domain.

On the other hand, if I am working on something that the domain really does nedd to know about, it does not work if I cancel the dialog box.  The dialog box keeps popping up because the domain really is involved.  So that is OK.

My confusion was that I was assuming that windows would not ask me to authenticate to the domain unless I actually needed to.  That is not the case, it asks me to authenticate to the domain regardless. But if I don't really need the domain, I can cancel the dialog box and complete the task.

I see now that the reason it is asking me to authenticate to the domain is that the default Location on the "Select Users or Groups" dialog is the domain.  When I click on the "Add" button and the dialog opens, if the location is set to the domain then it tries to authenticate, if not already authenticated.  

If I click on the "Add" button but the location has previously been changed (in that session), then it doesn't do that.   I assume that there is a way to change the default Location value but that doesn't seem worthwhile (or even a good idea).