Question : Unable to add domain account to local Administrator group
I am trying to add a domain account to the local Administrators group on a Windows XP Pro workstation. My network is Windows 2000 / Active Directory.
On the workstation:
Administrative Tools > Computer Management > Local Users and Groups > Groups
I open the Administrator group, then press "Add..." The only thing in the "From this location" box is the local machine I'm working on, so I press the "Locations" button. In the resulting window, there is no other option to select from. The only icon in that window is the local machine.
Consequently, I cannot add a domain account to the local Administrators group.
Notes:
-- The computer has been added to the domain. Active Directory is completely aware of the machine and it functions normally in the domain aside from this issue.
-- Domain admins are administrators on this computer, so I know the computer knows what the domain is and can authenticate against it.
-- When I open the Administrators group and it displays the members of that group, there are two icons. One is the standard User icon for the local Administrator account. The other is the same icon with a question mark in front of it and a name like: "S-1-5-21-1615..." etc. (it's quite long). I'm assuming this second icon is for the Domain Admin group.
Deane
Answer : Unable to add domain account to local Administrator group
The string of numbers is the Security ID (SID) of an account on the DACL that Windows is unable to enumerate. That implies that the system is unable to communicate with the domain. The SID you mention, S-1-5-...domainid...-512, is the Domain Admins group. Is the system added to the domain?
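The answer recognises the unresolved entry by its last value, -512. The Python below is an added example, not part of the original thread: it decodes a SID from its binary or string form, separates the domain identifier from the relative identifier (RID), and names the well-known RID, which is how such an entry can be identified when the name lookup fails. The function names and the sample SID are assumptions made for illustration; the three domain values in the sample are constructed placeholders.

```python
import struct

# Well-known relative identifiers (RIDs) appended to a domain's identifier.
DOMAIN_RIDS = {
    500: "Administrator (user)",
    501: "Guest (user)",
    512: "Domain Admins",
    513: "Domain Users",
    514: "Domain Guests",
    515: "Domain Computers",
    516: "Domain Controllers",
    519: "Enterprise Admins",
}

def sid_from_bytes(raw: bytes) -> str:
    """Decode the binary SID layout: revision, sub-authority count,
    48-bit big-endian authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def describe_sid(sid: str) -> dict:
    """Split a string SID into domain identifier and RID, and name the RID."""
    norm = sid.strip().upper()
    parts = norm.split("-")
    # A truncated display such as "S-1-5-21-1615..." fails here on purpose.
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a complete string SID: %r" % sid)
    authority, subs = int(parts[2]), [int(p) for p in parts[3:]]
    # Domain (or local machine) principals: S-1-5-21-<three values>-<RID>
    if authority == 5 and subs[0] == 21 and len(subs) == 5:
        return {"domain_id": "-".join(map(str, subs[1:4])), "rid": subs[4],
                "name": DOMAIN_RIDS.get(subs[4], "domain-specific account or group")}
    if norm == "S-1-5-32-544":
        return {"domain_id": None, "rid": 544, "name": "BUILTIN\\Administrators"}
    return {"domain_id": None, "rid": subs[-1], "name": "not a domain SID"}

# Constructed sample: the three domain values are placeholders, not from the thread.
SAMPLE = "S-1-5-21-1111111111-2222222222-3333333333-512"
```
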