Jump to content

Add Domain user to local group from local accout


 Share

Recommended Posts

Hi,

I want to add a domain user to the local group administrators. The problem is, that I want to execute this script with a local accout on the client machine (software distribution account).

If I use for example "net localgroup Administrators /add DOMAIN\USERNAME" I get the error = System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.

Because the local account is not member of the domain.

Any ideas?

Link to comment
Share on other sites

Hi,

I want to add a domain user to the local group administrators. The problem is, that I want to execute this script with a local accout on the client machine (software distribution account).

If I use for example "net localgroup Administrators /add DOMAIN\USERNAME" I get the error = System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.

Because the local account is not member of the domain.

Any ideas?

Hi,

you have a problem with your machine account. Reassign Domain membership.

See also http://support.microsoft.com/kb/162797

;-))

Stefan

Link to comment
Share on other sites

I am not 100% sure but:

This is not possible - when you add a domain account from a local account the domain would ask for domain credentials.

Your local account doesnt have it. If you do it from a domain account that have admin rights it would work.

Link to comment
Share on other sites

I am not 100% sure but:

This is not possible - when you add a domain account from a local account the domain would ask for domain credentials.

Your local account doesnt have it. If you do it from a domain account that have admin rights it would work.

Hi,

@heinda want's to add a domain account to a localgroup.

If you are local administrator, you can add every domain account into localgroups without problems.

Some Exceptions:

1) The trust relationship of workstation is broken (see @heinda)

2) The group everyone has no read access on AD. By default Everyone has read access

3) The account does not exist

4) Networkproblems

..........

;-))

Stefan

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...