I'm an MCP consultant, but I've just run into a new problem with a new client.
In migrating older PCs running XP Pro previously joined to an OLD Win Server 2000 Active Directory Domain to a NEW Win Server 2003 AD Domain the Domain Administrator account was not added to the Local Administrators Group. Therefore the only member of the critical Local Administrators group is the Local Administrator. Unfortunately, because this is a new client that is a disorganized non-profit with a revolving door of employees and administrators, NO ONE knows the Local Administrator password. I hoped it was the same as the OLD Domain Admin Password, but NOPE. I of course tried manually adding the Domain Admin account to the Local Administrator group, but NO privs there either.
So the questions is, is there a way to force the Local Machine to accept the Domain Administrators Group as a member of the Local Admin? I looked at Group Policy to see if there might be something, but I couldn't find it.
Is the only resolution a total reinstall of the OS? I'm beginning to think so, but I hope there's an expert out there with some experience to this.