Can't add Domain User to local Administrators group in Win XP pro

In the past I have been able to add the Domain User built-in group from
the server to the local Administrators group on a PC. Now we have a new
computer and I can't get it to work. I can log onto the domain just fine
and I am logged in as the domain Administrator (which, by default is a
member of the local Administrators group).

I know what I am supposed to do:
Open the Computer Management MMC.
Go to System Tools/Local Users and Groups/Groups and
double-click on the Administrators group.
Click [Add] ; [Locations] and find the Domain User in the tree.

Unfortunately, I cannot browse that tree. It only shows me the local
workstation and I can not go to the domain. If I just type in the fully
qualified domain name of the Domain User built-in group I get the Name
Not Found error dialog.

I know I did this before pretty easily. The new machine is from an image
used to build up all of the machines so there should not be any
significant differences.

Check your laptop's DNS settings is it pointing at a properly functioning,
internal DNS server(s)?

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> Check your laptop's DNS settings is it pointing at a properly functioning,
> internal DNS server(s)?

I don't have access to the systems right now. However, I do know that I
can browse the network just fine using Windows Explorer. If there was
anything wrong with DNS or WINS wouldn't it prevent me from browsing the
network at all?

In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> Check your laptop's DNS settings is it pointing at a properly functioning,
> internal DNS server(s)?
>
>
You were exactly correct. When I set the primary DNS and WINS IP address
to the Domain Controller then it worked just fine. Since I don't use the
Domain Controller as a firewall (I prefer to use a separate hardware
firewall and DHCP server) I just set the secondary DNS to the hardware
firewall. Now I have the best of both worlds. Access to my domain
information and internet access even when the server is down.

"Grant Robertson" <(E-Mail Removed)> wrote in message...
>You were exactly correct. When I set the primary DNS and WINS IP address to
>the Domain Controller then it worked just >fine. Since I don't use the
>Domain Controller as a firewall (I prefer to use a separate hardware
>firewall and DHCP server) I >just set the secondary DNS to the hardware
>firewall. Now I have the best of both worlds. Access to my domain
>information >and internet access even when the server is down.

All internal Active Directory domain clients should be configured to use
only an internal DNS Server hosting the zone name for the Active Directory
domain. This means no workstation or server, to include all DCs and DNS
servers, on the network should be configured to use any external DNS for
resolution, not even as a secondary DNS server. The reason all domain
members and DCs must use the local DNS for DNS in TCP/IP properties, is
because that is how clients find objects in Active Directory (e.g. domain
controllers, global catalogs, etc). If you point domain clients (including
domain controllers) to a DNS server which doesn't hold this information,
expect:

1) Long logon times (long waiting time for "Applying computer settings" or
clients unable to logon at all)
2) Slow boot times for DCs
3) No Active Directory replication
4) Administrators unable to manage parts of the domain
5) Group policy errors or failing outright
6) Poor (slow) network performance in general.

The only place ISP DNS servers belongs in the network is under your DNS
server's Forwarders tab, not anywhere in any place on internal domain
clients.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights