Microsoft KB Archive/937472



You cannot add a user account from a trusted Windows Server 2003 domain to the local Administrators group on the computer when you use an account of the trusted domain together with a smartcard

Article ID: 937472

Article Last Modified on 1/4/2008



APPLIES TO

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems



SYMPTOMS

Consider the following scenario:

  • You have a one-way trust relationship between two Windows Server 2003 domains.
  • DomainB trusts DomainA.
  • You log on to a computer that is in DomainB by using a user account that is in DomainA.
  • Then, you try to add a user account from DomainA to the local Administrators group on the computer.
  • When you add the user account, you do not click Locations in the Select Users, Computers, or Groups dialog box to change the current location. Instead, you directly specify the user account in a "DomainA\Username" format.
  • When you are prompted for credentials, you use a smartcard for the user account in DomainA and enter the personal identification number (PIN).

In this scenario, you are repeatedly prompted for credentials. Therefore, you are unable to add the user account from DomainA.

WORKAROUND

Workaround 1

When you add a user account from DomainA to the local Administrators group, click Locations in the Select Users, Computers, or Groups dialog box to change the current location to DomainA. Then, specify the user account in a "Username" format instead of in a "DomainA\Username" format.

Workaround 2

Type the following command at a command prompt to add the user account from DomainA to the local Administrators group:

net localgroup administrators DomainA\Username /add


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Keywords: kbexpertiseinter kbtshoot kbprb KB937472