Sign in to follow this  
Followers 0
heinda

Add Domain user to local group from local accout

5 posts in this topic

Hi,

I want to add a domain user to the local group administrators. The problem is, that I want to execute this script with a local accout on the client machine (software distribution account).

If I use for example "net localgroup Administrators /add DOMAIN\USERNAME" I get the error = System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.

Because the local account is not member of the domain.

Any ideas?

Share this post


Link to post
Share on other sites



Hi,

I want to add a domain user to the local group administrators. The problem is, that I want to execute this script with a local accout on the client machine (software distribution account).

If I use for example "net localgroup Administrators /add DOMAIN\USERNAME" I get the error = System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.

Because the local account is not member of the domain.

Any ideas?

Hi,

you have a problem with your machine account. Reassign Domain membership.

See also http://support.microsoft.com/kb/162797

;-))

Stefan

Share this post


Link to post
Share on other sites

I am not 100% sure but:

This is not possible - when you add a domain account from a local account the domain would ask for domain credentials.

Your local account doesnt have it. If you do it from a domain account that have admin rights it would work.

Share this post


Link to post
Share on other sites

I am not 100% sure but:

This is not possible - when you add a domain account from a local account the domain would ask for domain credentials.

Your local account doesnt have it. If you do it from a domain account that have admin rights it would work.

Hi,

@heinda want's to add a domain account to a localgroup.

If you are local administrator, you can add every domain account into localgroups without problems.

Some Exceptions:

1) The trust relationship of workstation is broken (see @heinda)

2) The group everyone has no read access on AD. By default Everyone has read access

3) The account does not exist

4) Networkproblems

..........

;-))

Stefan

Share this post


Link to post
Share on other sites

I guess it is this :

2) The group everyone has no read access on AD. By default Everyone has read access

On our domain only domain accounts have read access.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0