I have a windows 2008 server I recently added to a child domain. I can add users, group from the parent domain to the local groups on the windows 2008 server. However, if i try to add a child domain user or group it seemingly adds correctly, but it doesn't show up in the members list of the group -- only the parent domain user/group. If I add the same child domain user or group to the list again I get a message that the user, group is already part of the local group.
When adding the user/group, check names works correctly and resolves the group. The odd part is that when added to the members list, I get the SID displayed e.g. "DOMAIN\user (S-1-5...)" as if it can't completely resovle the name.
Even if I do, from a command line 'net localgroup "local group name"' it lists only the parent domain users, but if I add the child domain users from the command line I get the same "The specified account name is already a member of the group."
Permissions seem to be applied, but I can't review nor can I remove permissions if needed.