If anyone can explain why the following is true, I'd greatly appreciate it. I've already wasted an embarrasing amount of time trying to get this working and only solved it by sheer accident. But I have no idea why it works and would like to know in order to avoid making a similar mistake in the future.
We have a W2K DC, one domain and handful of W2K Pro workstations connected. Everything works fine. I've made virtually no changes to the default security policies (mostly out of ignorance). I wanted to grant local admin privileges to myself and one other user, since we both do development.
Went to the individual PCs, logged in as admin, fired up Computer Management > User & Groups and tried adding the two of us as domain users to the Adminstrators group. Double-click on Administrators group, click Add and either one of two things happens. Either the Look In drop-down was disabled so I couldn't add domain users or else after picking the domain and user account and hitting OK, I get the following error message:
"Processing of xxx failed with the following error: the specified domain either does not exist or could not be contacted".
Of course, I can still browse all the users in the domain it can't find, so it clearly knows about it and can see it. I also have access to all the server resources, can log in as a domain user, etc. Thinking there was some security policy being applied (maybe there is?), I hunted around for awhile and didn't come up with anything. Again, we don't USE security policies since it's such a small network. I finally just gave up on it.
Today, I happened to notice the User& Password icon under Control Panel and opened it up on a whim. I was able to add both domain users to the local admin group without a problem. And they show up in the Computer Management console (although can't be changed, see above).
So what exactly is the difference between these two approaches?
I thought the Computer Management console was exactly the same thing. If not, what is it meant for?