Add Domain groups to a workstation


jonno112
01-12-2008, 01:24 AM
I have just set up 2 workstations in a domain (the first system setup is fine) and all I want to do is add the domain users account to the administrator account.

The problem is when I go to select a user or groups on the workstation, all I get is the local accounts.

The workstation is part of the domain.
The user has an account in AD.
The computer is in AD.

Also, one other problem: the system logs in really slowly.

I have set the correct DNS entries, the same as system 1.

Any help appreciated.

ua549
01-12-2008, 03:26 AM
The workstation can only contain local accounts.
A user simply logs into the domain using the domain name and their user account on the DC.
User accounts for the domain are added to the AD.

jonno112
01-12-2008, 03:38 AM
Thanks for the reply

On the first system I have in local users that domain users is part of the local admin group. This allows me not to make all individuals who log in administrators, as they are all members of the domain users group, e.g.:

Group\administrators

compname\admin
domain\domain admin
domain\domain user
compname\local account

Then I manage the workstations with group policy.

gunderstone
01-12-2008, 06:31 AM
What is the local operating system on the workstations? (You didn't indicate it.)

Generally, when you have a slow logon like you're describing, the symptom is usually associated with using cached credentials to log on.

On the DC, create a new user account – one that has never been used from the trouble workstation. Go to the trouble workstation and try to log on with it.

Are you successful?

jonno112
01-12-2008, 04:56 PM
Sorry, the operating system is XP, and I will try your suggestion and get back to you.

Thanks

jonno112
01-17-2008, 06:53 PM
You were right, the problem was a local login instead of connecting to the domain. I checked the cable and there was a tear in it; after replacing the cable everything went okay.

How do you stop them logging in with anything else but domain authentication? I set the number of allowed logins to cache to 10 in case the server goes down. Is this the right way to do it?

I don't want the slow logon again if the server is down or the workstation creating a local copy.

gunderstone
01-25-2008, 02:39 AM
If you want to stop them from logging in with anything else but domain authentication, then you need to set the number of allowed logins to cache to 0.

This will not allow a login to the system using the domain accounts if the DC is unreachable.

So this solves one problem (using only authentication from the DC) but it introduces another (if the DC is down, users cannot log on to the system with anything but a local account).

jonno112
02-25-2008, 04:59 AM
Thanks for the help, worked great. Sorry it took so long.

venkateshvr
02-28-2008, 05:55 AM
I have tried the VBScript for Adding a Global Group to a Local Group on a List of Machines
as mentioned in the URL
http://www.serverwatch.com/tutorials/article.php/1548981

I am getting the following error message

"Unexpected Error on gg-ctxprd-app-outlook:-2147023665"
"Group gg-ctxprd-app-outlook cannot be found"

Please help me out resolving this issue.

**********************************************
' Don't halt on runtime errors
On Error Resume Next

' Initialize variables
Dim strServerName(1000) 'This array will hold 1000 machines, increase as necessary
Dim ErrMsg
Dim StrGroupToAdd
Dim strServer
Dim Result
Dim strInputFile
Dim LogFile
Dim strLocalGroup
Dim xCounter
xCounter = 0

' Create a new file system object
Set objFS = CreateObject("Scripting.FileSystemObject")

' Get Name of Input File and Check to see if its valid
strInputFile = InputBox("Enter name of file containing machines to modify (Including full path)",,"Servers.Txt")
If strInputFile = "" Then
    MsgBox ("Operation Cancelled, no input file supplied")
    Wscript.Quit(1)
End If

' Only try to open the file once a name has been supplied
Set ServerList = objFS.OpenTextFile(strInputFile)
If Err Then
    ErrMsg = AdsiErr(strInputFile)
    MsgBox ("Error: " & ErrMsg)
    Wscript.Quit(1)
End If

' Get Name of Log File and Check to see if its valid and Writable
LogFile = InputBox("Enter name of Log File (Including full path)",,"log.txt")
If LogFile = "" Then
    MsgBox ("Operation Cancelled, no log file supplied")
    Wscript.Quit(1)
End If

ErrMsg = "Logging Started"
Result = WriteLog("", LogFile, ErrMsg)
If Err Then
    ErrMsg = AdsiErr(LogFile)
    MsgBox ("Error: " & ErrMsg)
    Wscript.Quit(1)
End If

' Get Name of Group to Modify and Check to see if its valid
strLocalGroup = InputBox("Enter Name of LOCAL group to modify on each machine",,"Administrators")
If strLocalGroup = "" Then
    MsgBox ("No Local Group Selected, Operation Cancelled")
    Wscript.Quit(1)
End If

' Get name of group to add and check to see if its valid
strGroupToAdd = InputBox("Enter DOMAIN Global Group to add to local Admins group",,"Global Infrastructure")
If StrGroupToAdd <> "" Then
    ' "DOMAIN" is a literal string in the script as posted. The lookup only
    ' succeeds when it is the NetBIOS name of the domain that holds the group.
    ' A name that cannot be reached fails with 0x800704CF (-2147023665,
    ' "the network location cannot be reached"), which AdsiErr does not map.
    Set objGroup = GetObject("WinNT://DOMAIN" & "/" & strGroupToAdd)
    If Err Then
        ErrMsg = AdsiErr(strGroupToAdd)
        MsgBox ("Group " & strGroupToAdd & " Cannot be found")
        Wscript.Quit(1)
    End If
Else
    MsgBox ("No Group Selected, Operation Cancelled")
    Wscript.Quit(1)
End If

' Parse Input File
' Add Global Group to local group on each machine in list
Do While ServerList.AtEndOfStream <> True
    strServerName(xCounter) = ServerList.ReadLine
    If Not IsBlank(strServerName(xCounter)) Then
        strServer = strServerName(xCounter)

        ' Add Group to Local group on each machine in list
        Result = AddAccount(strServer, StrGroupToAdd, strLocalGroup)

        ' If not successful then try to find out why
        If Err Then
            ErrMsg = AdsiErr(strServerName(xCounter))
        Else
            ErrMsg = strServerName(xCounter) & " has been updated successfully"
        End If

        ' Write results to the log
        Result = WriteLog(strServerName(xCounter), LogFile, ErrMsg)
        xCounter = xCounter + 1
    End If

    ' Reset the error state before the next machine
    ' (assigning "" to Err raises a type mismatch instead of clearing it)
    Err.Clear
Loop
ServerList.Close

' When Finished, Time Stamp Log and Quit
If StrGroupToAdd <> "" Then
    ErrMsg = "Operation Completed"
    Result = WriteLog("", LogFile, ErrMsg)
    MsgBox ("Completed: View results in log: " & LogFile)
Else
    MsgBox ("Cancelled: No Changes Made.")
End If

Set objFS = Nothing
Set objGroup = Nothing

' ***********************
' Functions and Subs here
' ***********************

' Returns True when the string is empty after trimming leading and trailing spaces
Function IsBlank(strInput)
    IsBlank = Not CBool(Len(Trim(strInput)))
End Function

' Adds Global Group from domain to local group machine
' ("DOMAIN" must be the same domain name used in the group check above)
Function AddAccount(ServerName, GroupName, szLocalGroup)
    Set objGroup = GetObject("WinNT://" & ServerName & "/" & szLocalGroup)
    objGroup.Add ("WinNT://DOMAIN" & "/" & GroupName)
    Set objGroup = Nothing
End Function

' Log Results (8 = ForAppending, True = create the file if it is missing)
Function WriteLog(ServerName, strLogFile, strMsg)
    Dim strTextStream
    Set strTextStream = objFS.OpenTextFile(strLogFile, 8, True)
    strTextStream.WriteLine(strMsg)
    strTextStream.WriteLine("Time: " & Time)
    strTextStream.WriteLine("Date: " & Date)
    strTextStream.WriteLine("----------------------------------------")
    strTextStream.Close
End Function

' Attempt to Trap Errors and return a message to the log
' If Error is Fatal or Unknown then Quit
Function AdsiErr(ServerName)
    Dim e
    If Err.Number = &H80070562 Then
        AdsiErr = ServerName & " has already been updated."
    ElseIf Err.Number = &H80070005 Then
        AdsiErr = "Access Denied to " & ServerName
    ElseIf Err.Number = &H1A8 Then
        AdsiErr = "Couldnt Connect to " & ServerName
    ElseIf Err.Number = &H800708B2 Then
        AdsiErr = ServerName & " is a Domain Controller, cant update"
    ElseIf Err.Number = &H8007056B Then
        AdsiErr = "Group " & ServerName & " Doesnt Exist"
    ElseIf Err.Number = 53 Then
        AdsiErr = "File " & ServerName & " Doesnt Exist"
    ElseIf Err.Number = 70 Then
        AdsiErr = "Cant Write to " & ServerName
        MsgBox AdsiErr
        Wscript.Quit(1)
    Else
        ' If error isnt one we expect, flag this up in a box
        e = Hex(Err.Number)
        AdsiErr = "Unexpected Error on " & ServerName
        MsgBox (AdsiErr & " :" & Err.Number)
    End If
End Function
**********************************************
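
Added example, not part of any post in this thread: a read-only PowerShell check of the two settings discussed above, the cached-logon count and the membership of the local Administrators group. The function names are hypothetical; members are classified by SID, so Everyone, Authenticated Users and any domain's Domain Users group are flagged as broad regardless of display language.

```powershell
# Added example: read-only audit, nothing on the machine is modified.
# Function names are hypothetical and chosen for this example.

function Get-CachedLogonPolicy {
    # "Number of previous logons to cache" is stored as a string value here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -ErrorAction Stop).CachedLogonsCount
    if ($null -eq $raw) {
        return 'CachedLogonsCount is not set in the Winlogon key'
    }
    if ([int]$raw -eq 0) {
        return 'CachedLogonsCount = 0: domain logon needs a reachable DC'
    }
    'CachedLogonsCount = {0}: cached domain logons work with no DC' -f $raw
}

function Get-LocalAdminMember {
    # Resolve the group through its well-known SID (S-1-5-32-544) so the
    # lookup also works where the group name is localized.
    $sidType  = 'System.Security.Principal.SecurityIdentifier'
    $adminSid = New-Object $sidType 'S-1-5-32-544'
    $account  = $adminSid.Translate([System.Security.Principal.NTAccount])
    $name     = $account.Value.Split('\')[1]
    $group    = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"

    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $t     = $m.GetType()
        $path  = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $bytes = $t.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        $sid   = (New-Object $sidType($bytes, 0)).Value

        # Broad principals: Everyone, Authenticated Users, and the
        # Domain Users group of any domain (RID 513).
        $broad = ($sid -eq 'S-1-1-0') -or ($sid -eq 'S-1-5-11') -or
                 ($sid -match '^S-1-5-21-.*-513$')

        New-Object PSObject -Property @{
            Member = $path
            Sid    = $sid
            Broad  = $broad
        }
    }
}

Get-CachedLogonPolicy
Get-LocalAdminMember | Sort-Object Broad -Descending |
    Format-Table Broad, Member, Sid -AutoSize
```

A row with Broad set to True means every account covered by that principal is a local administrator on the workstation.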