Adding users, Trust relationship?

Lizardkng

I'm trying to add domain users as administrators of a local machine.

When I try to add users either by manually typing their username, or browsing the directory of users, I get a dialog box that says

"The user could not be added because the following error has occured:

The trust relationship between the workstation and the primary domain failed"

I think I may have JUST figured this out... if you have any ideas... go ahead and lemme have 'em, meanwhile I'm gonna test my theory...
 
Ok I was wrong...

I have tried logging in to the network as an administrator of the local machine (the one in question), and administrator of the domain (on both the server and the local machine), and on an account that's a member of the domain admin group...

We are running only 1 domain, with 7 clients, so it's not a Trust issue between domains... it seems the PDC doesn't "Trust" this machine, and seems unrelated to the account logged on at the time.

I have been able to add these users as administrators of the other local machines on the network, and this one, in the past, but since I performed a 2k Pro reinstall on this one, I've been unable to re-add the users since then...

If I try to add a user that is a member of the domain admin group, that's actually already been added (the only one I have been able to add), I get a dialog box saying:

The user domainname\username could not be added because this user already has permission to use this computer.

All these users can log in without any problem, but I need to grant them local machine admin rights...

Please help! :)
 
Oh no!

Not page 5!

Sorry to bump this back up, does anyone have any ideas?
 
When you did the re-install on this machine, did you remove its account from the domain?
 
A solution that has worked for me:
Remove the PC from the domain (into a workgroup) then add it back. This will re-establish the "trust" between the PC and the Domain. Be sure to have the local admin password.
 
No, I did not remove the computer account from the domain.

So, do I remove the computer account from the domain and re-add it? Or do I make the local computer a workgroup member and then reboot and make it a domain member?

Eh, either one, I'll try, thanks a bunch!

I'm also having almost the same problem with an XP machine that we recently had to do a reinstall on... I'll bet it's the same problem...

Thanks!
 
Ok, I'm still having a problem... same thing... here's what I've done so far...

First, logged on to the client and removed it from the domain, by changing the network properties and simply moving the dot from the domain selection to the workgroup, and entering a workgroup name. Then I rebooted.

While it was rebooting I went to the server and deleted that computer's account. Then I made a fresh one, using the same name.

I then went back to the client, and went through the same process, (Control panel -> System -> Network Identification -> Properties) and then changed from workgroup, back to domain, entered the domainname and it appeared to re-add the client to the domain.

Tried to 'Add Users', still got same message, "trust between this workstation and the primary domain failed"...

Made it a workgroup member again, reboot, and then tried using the wizard, via Control panel -> System -> Network Identification -> Network ID, after entering the domain name, dialog box "An account was found for this computer on the domain, would you like to use this account?" I said yes, and then the box to add users came up, tried to add a user, and still same thing...trust failed...

It should be noted that when I did the reinstall on this machine, that I did not format, I just did a reinstall...

Please, if anyone can help...
 
Hi,

I have also had similar problems here and although it looks like what you've done should have fixed the problem, I've found the whole adding a computer account thing pretty flaky in AD. Here's what I did to solve it last time:

1. On the client, go to Network Identification and remove the computer from the domain and add it to a workgroup and reboot as you did before.

2. Within Active Directory, delete the computer account as you did before and make sure this has replicated to all other domain controllers in that domain. This time, do not create a new computer account for this client.

3. Go back to the client and then add the computer back into the domain using an account with rights to do this and reboot.

Hopefully, you should now be able to add domain accounts to the local administrators group. It seems that if AD has any reference of the old computer account, it won't properly put the new one into the domain and I think this is where it's going wrong for you. If this doesn't work, then I'm stumped as well I'm afraid!!

Cheers, Antony
 
Well, hopefully this fact doesn't affect this new method very much:

There's only 1 PDC, and no BDC, so replication doesn't happen.

Hopefully allowing the DC to create the account when the admin tries to add the new client to the domain, instead of creating the account ahead of time, does the trick.

Thanks again!
 
Well, I did exactly as you posted...

Got the "Welcome to the Domain" message and everything...

And it still didn't work...

I don't know if it matters, but it's a very short walk from the DC to the client, is it possible that I'm removing and re-adding the computer account too quickly?

I'm thinking that the next step will be to:

1) Change the name, and quit using the same computer name.

2) Format, and reinstall w2k pro on the client. (If this will have no effect, please tell me now) :)
 
Hmmm, shouldn't matter about the time if you've only the one DC. Very confusing!

I would have thought that using a different computer name would solve the problem (but then I would have also thought what you've already done would have fixed it!).

If it doesn't, I think a reinstall is about the only way forward and I would use another different computer name as well.

A quick search on Microsoft's site has picked this up, but it's only for NT4, I can't find anything on it to do with 2000:


Just a thought, have you got SP3 installed on both client and server? Latest service pack is always worth a try in my opinion.

Cheers, Antony
 
Please describe your DNS setup and what DNS server this client is using for name resolution?
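
The rejoin steps and the DNS question in this thread both test the same thing: whether the workstation can locate a domain controller and authenticate with its machine account password. As an added example (not from any poster in this thread), the PowerShell function below checks both and can repair the secure channel in place; it assumes a current Windows client with Windows PowerShell 5.1 run elevated, not the Windows 2000 systems discussed here, and the function name `Test-DomainTrust` is hypothetical.

```powershell
# Added example: diagnose (and optionally repair) a broken workstation/domain
# secure channel. Test-DomainTrust is a hypothetical helper name.
function Test-DomainTrust {
    [CmdletBinding()]
    param(
        # Domain credential allowed to reset the machine account; used with -Repair.
        [pscredential]$Credential,
        [switch]$Repair
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is in a workgroup, not a domain."
    }
    $domain = $cs.Domain

    # 1. DNS: the client must resolve the DC locator SRV records from the
    #    DNS server it is configured to use. An empty result points at DNS,
    #    not at the computer account.
    $srvName = "_ldap._tcp.dc._msdcs.$domain"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })

    # 2. Secure channel: does the locally stored machine password still match
    #    the computer account in the directory? Returns $true or $false.
    $ok = Test-ComputerSecureChannel

    # 3. Optional repair: resets the machine account password over an
    #    authenticated connection, without leaving and rejoining the domain.
    if ($Repair -and -not $ok) {
        $params = @{ Repair = $true }
        if ($Credential) { $params.Credential = $Credential }
        $ok = Test-ComputerSecureChannel @params
    }

    [pscustomobject]@{
        Computer          = $cs.Name
        Domain            = $domain
        DcSrvRecordCount  = $srv.Count
        DomainControllers = $srv.NameTarget
        SecureChannelOk   = $ok
    }
}

# Check only; add -Repair -Credential (Get-Credential) to attempt a fix.
Test-DomainTrust
```

Once `SecureChannelOk` is true, `Add-LocalGroupMember -Group Administrators -Member 'DOMAIN\user'` performs the step the original poster was attempting; `DOMAIN\user` is a placeholder.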
 