Solved

Adding Domain User to local Administrators Group in XP.  Active Directory under 2000 Server.

Posted on 2004-08-26
9
200 Views
Last Modified: 2010-04-12
I am trying to add the domain account to the local administrators group on an XP machine, which is under a 2000 Server running Active Directory.

Basically, when a user logs in using his/her domain account he/she must be a local administrator, but not a Domain Administrator.

On the XP machine, I goto computer management -> Groups -> right-click Administrators -> Add to Group -> Add.

Then, I try adding "DOMAIN\user", and I get "The object named "DOMAIN\user" is not from a domain listed in the Select Location dialog box, and is therefore not valid."

Basically, it cannot see the Domain, even though I have joined the domain, and am able to login to the domain.

I can login as Domain Administor, local Administrator, or Domain User, and in no case can I get this to work.  I have also searched google, and found that DNS can cause this.  I have verified that the Netbios name of the 2000 server resolves.  The Netbios name for the XP machine was also already created in Active Directory after joining the domain.

What is wrong?  BTW this is XP Professional.
0
Comment
Question by:shaggy112
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11908098
Hi

Make sure that your dns server is pointing to itself as preferred dns server in tcp/ip and make sure that your client is also pointing to the servers IP as preferred dns server - see if that helps at all,

Deb :))
0
 

Author Comment

by:shaggy112
ID: 11908170
It is, but thanks for the suggestion!
0
 
LVL 2

Accepted Solution

by:
garyy earned 250 total points
ID: 11910804
Can you check your Administrators group. Is there any funny S-1-5 type numbers in here. If so, then your machine didn't join the domain properly. I suggest you check your DNS settings and rejoin the domain

Check DNS is work by doing the following:
From the XP machine
Go to a command prompt (start run cmd and enter)
type nslookup and enter
You should get something similar to this:
Default Server:  domain.microsoft.com
Address:  192.168.0.1
>
now type in the domain computername
>  microsoftserver
This should resolve the dns for the domain name.

If you can do this, you should be able to add accounts to the domain.
If you can't, then you may well have some dns settings configured incorrectly.

Hope this helps
Thanks
Gary

0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 20

Expert Comment

by:Debsyl99
ID: 11911179
Hi

You can also check that the internet connection firewall isn't enabled on the XP client if you haven't already done so - Uncheck it in the advanced tab on tcp/ip properties on the XP's lan connection. Also when you start nslookup if it doesn't find the server name for your dc, make sure you have a reverse lookup zone configured in dns on the server containing a pointer record for your server.

I have to concur with Gary though - sounds like it's not correctly joined to the domain,

Deb :))

0
 

Author Comment

by:shaggy112
ID: 11912571
Thanks for the reply's.

I actually can forward and reverse lookup the name of the domain controller from the clients.

I am however getting the strange "S-1-5....".

Is this absolutely a dns issue, or could I be missing something else?

Thanks.
0
 
LVL 2

Expert Comment

by:garyy
ID: 11912797
If you are getting the "S-1-5..." then you do definately need to re-join the domain.

Thanks
Gary
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11913174
Hi
Does this PC think that it's part of the domain? - As Gary has said - Disjoin it, make sure internet connection firewall is definitely disabled, and then rejoin it. The "S-1-5" that you're getting is an unresolvable sid for a user account - All domain accounts have a unique sid (security identifier) - and these then resolve to an actual domain user name like Administrator, Joe Bloggs etc. When they can't be resolved you just get the "S-1-5..." sid account number which basically means that you are not joined to this domain, well at least not properly. How did you join the domain in the first place?

Deb :))
0
 

Author Comment

by:shaggy112
ID: 11915639
I joined the domain by.....

System -> Computer Name
Named the computer
Put in the domain
-> Change.

Then restarted.
0
 
LVL 3

Expert Comment

by:JonIU17
ID: 11918520
Control Panel, User Accounts, Add.  Type the usename, domain, and select other - Administrators.  That should do it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
An article on effective troubleshooting
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question