Can't add Domain User to local Administrators group in Win XP pro

Discussion in 'Windows Networking' started by Grant Robertson, Aug 12, 2005.

  1. In the past I have been able to add the Domain User built-in group from
    the server to the local Administrators group on a PC. Now we have a new
    computer and I can't get it to work. I can log onto the domain just fine
    and I am logged in as the domain Administrator (which, by default, is a
    member of the local Administrators group).

    I know what I am supposed to do:
    Open the Computer Management MMC.
    Go to System Tools/Local Users and Groups/Groups and
    double-click on the Administrators group.
    Click [Add] ; [Locations] and find the Domain User in the tree.

    Unfortunately, I cannot browse that tree. It only shows me the local
    workstation and I cannot go to the domain. If I just type in the fully
    qualified domain name of the Domain User built-in group I get the Name
    Not Found error dialog.

    I know I did this before pretty easily. The new machine is from an image
    used to build up all of the machines so there should not be any
    significant differences.
     
    Grant Robertson, Aug 12, 2005
    #1

  2. Todd J Heron Guest

    Check your laptop's DNS settings. Is it pointing at a properly functioning,
    internal DNS server(s)?
     
    Todd J Heron, Aug 12, 2005
    #2

  3. I don't have access to the systems right now. However, I do know that I
    can browse the network just fine using Windows Explorer. If there was
    anything wrong with DNS or WINS, wouldn't it prevent me from browsing the
    network at all?
     
    Grant Robertson, Aug 13, 2005
    #3
  4. You were exactly correct. When I set the primary DNS and WINS IP address
    to the Domain Controller then it worked just fine. Since I don't use the
    Domain Controller as a firewall (I prefer to use a separate hardware
    firewall and DHCP server) I just set the secondary DNS to the hardware
    firewall. Now I have the best of both worlds. Access to my domain
    information and internet access even when the server is down.
     
    Grant Robertson, Aug 24, 2005
    #4
  5. Todd J Heron Guest

    All internal Active Directory domain clients should be configured to use
    only an internal DNS Server hosting the zone name for the Active Directory
    domain. This means no workstation or server, to include all DCs and DNS
    servers, on the network should be configured to use any external DNS for
    resolution, not even as a secondary DNS server. The reason all domain
    members and DCs must use the local DNS for DNS in TCP/IP properties, is
    because that is how clients find objects in Active Directory (e.g. domain
    controllers, global catalogs, etc). If you point domain clients (including
    domain controllers) to a DNS server which doesn't hold this information,
    expect:

    1) Long logon times (long waiting time for "Applying computer settings" or
    clients unable to logon at all)
    2) Slow boot times for DCs
    3) No Active Directory replication
    4) Administrators unable to manage parts of the domain
    5) Group policy errors or failing outright
    6) Poor (slow) network performance in general.

    The only place ISP DNS servers belong in the network is under your DNS
    server's Forwarders tab, not anywhere in any place on internal domain
    clients.
     
    Todd J Heron, Aug 24, 2005
    #5
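
    A way to check the rule in post #5 on a domain client, as an added example that is not part of the original thread: it asks every DNS server configured on the machine for the domain controller locator record (`_ldap._tcp.dc._msdcs.<domain>`) and reports which servers cannot answer. The function name `Test-AdDnsServers` is hypothetical, and the cmdlets used require Windows 8 / Server 2012 or later, so this does not run on the XP machine discussed above.

```powershell
# Added example: flag any DNS server configured on this client that cannot
# return the Active Directory DC locator SRV record for the domain.
function Test-AdDnsServers {
    param(
        # AD DNS domain name. Defaults to the domain this machine is joined to
        # (on a workgroup machine this is the workgroup name, so pass -Domain).
        [string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
    )

    # SRV record that clients query to locate domain controllers.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"

    # Every interface that has IPv4 DNS servers configured (static or DHCP).
    $nics = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }

    foreach ($nic in $nics) {
        foreach ($ip in $nic.ServerAddresses) {
            try {
                # Query this one server directly, bypassing the local cache
                # and the normal primary/secondary fallback order.
                $dcs = Resolve-DnsName -Name $srvName -Type SRV -Server $ip `
                           -DnsOnly -ErrorAction Stop |
                       Where-Object { $_.Type -eq 'SRV' }
            } catch {
                $dcs = $null   # NXDOMAIN, timeout, refused, etc.
            }

            [pscustomobject]@{
                Interface         = $nic.InterfaceAlias
                DnsServer         = $ip
                FindsDCs          = [bool]$dcs
                DomainControllers = ($dcs.NameTarget | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Any row with FindsDCs = False is a server that does not host the AD zone,
# such as a firewall or ISP resolver listed as secondary DNS.
Test-AdDnsServers | Format-Table -AutoSize
```

    A server listed only as secondary still receives the client's queries whenever the primary is slow or down, which is why it gets the same test as the primary here.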