General discussion

Locked

Adding domain user to local admin group

By mldenman ·
I have a windows 2000 server and all workstations running 2000 pro. I am trying to add a domain user account to the local admin group on the workstation so that the client has full control of their own pc. The workstation is already a member of the domain as well as the user account. I know that the workstation and user are both able to be authenticated to the domain. The problem I am having is that when I try to add the domain user to the local admin group I recieve this error....."unable to process object <username> the object either does not exist or the domain could not be contacted." I have never had this problem before. I know that I am authenticating to the domain because I was able to login as the domain user and have the workstation added to the domain. Does anyone know the solution? Help is greatly appreciated!

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Adding domain user to local admin group

by curlergirl In reply to Adding domain user to loc ...

Have you double-checked your TCP/IP properties? Be sure that you have the correct DNS entries on the workstation - should be a DC on your local domain that is running DNS. Also, if you are manually typing the user's ID to add it rather than browsing and selecting it, are you typing the domain name and then user name, i.e., domain\username?

You sound like you know what you're doing, but just to review, be sure you are following these steps:

1. Log on to the workstation with a user ID that has both local and domain admin rights. What I find works best is to log on as the local admin, add a Domain Admin account to the local administrators group, and then log on with that domain admin account. I know this sounds redundant, but I have never had problems when I've done it this way. Also, at this point if you can't do that, you know there's probably a problem with the computer account on the domain.
2. Open the Computer Management console and open Local Users and Groups/Groups/Administrators and then click Add.
3. Check that you are selecting your user accounts from the domain not from the local computer.
3. Double click the user's name to add it.

If you are still getting this error, I'd suggest removing and re-adding the workstation to the domain (again?). Even though you can log on, there may be a problem with the trust between the workstation and the domain. To make sure you've completely removed the workstation from the domain, you need to first move the workstation to a workgroup (i.e., remove the domain name and put a name in the Workgroup box - any name, doesn't matter). Then, go to one of your DCs and delete the computer account; then make sure that replication has occurred if you have more than 1 DC before re-adding the workstation to the domain.

Collapse -

Adding domain user to local admin group

by curlergirl In reply to Adding domain user to loc ...

Also, I always use the method of adding the workstation to the domain from the workstation rather than directly on the server. I find that this works better to confirm that the trust relationship is working properly. So, rather than adding the computer account back on the DC, go to the workstation, right-click My Computer, select Network ID and join the domain from there.

Hope this helps!

Collapse -

by mldenman In reply to Adding domain user to loc ...

Poster rated this answer.

Collapse -

Adding domain user to local admin group

by pctech In reply to Adding domain user to loc ...

Hi

The error you are getting is when the domain DNS server and the workstations do not have the DNS server's IP address as it's first entry in the DNS list. Correct this and you should be able to add the domain user's account to the local admin group without any further issue. As noted, you appear to know the rest.

I hope this helps.

Collapse -

by mldenman In reply to Adding domain user to loc ...

Poster rated this answer.

Collapse -

Adding domain user to local admin group

by jose_12650 In reply to Adding domain user to loc ...

Your way is not the way of doing it. If you want to make the PC user to have full control of the PC while logged on as a domain user, you must join the domain as such user and select from the three user options, the "Administrator".

Collapse -

Adding domain user to local admin group

by mldenman In reply to Adding domain user to loc ...

Poster rated this answer

Collapse -

Adding domain user to local admin group

by n.u.r.v. In reply to Adding domain user to loc ...

Is the user a local admin? (i mean the user should be part of the administrators group on the local pc)

Collapse -

Adding domain user to local admin group

by mldenman In reply to Adding domain user to loc ...

Poster rated this answer

Collapse -

Adding domain user to local admin group

by AirHockeyNinja In reply to Adding domain user to loc ...

Have you tried adding the user to the domain admins group, then to the local admins group- then removing the domain admins membership? It worked for me once with the same problem. If not, you should be able to add the user account to the localcomputer Admin group from active directory- try signing in as the enterprise admin and then making your changes- also make sure you try to make the changes as a domain administrator first (for some reason, enterprise admin doesn't give you all the same rights as domain admin membership).
Sorry this answer was so scattered. If you have questions, feel free to email me.
Good luck!

Joe

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums