Select the product you need help with

You cannot add a user account from a trusted Windows Server 2003 domain to the local Administrators group on the computer when you use an account of the trusted domain together with a smartcard

Article ID: 937472 - View products that this article applies to.

SYMPTOMS

Consider the following scenario:

You have a one-way trust relationship between two Windows Server 2003 domains.
DomainB trusts DomainA.
You log on to a computer that is in DomainB by using a user account that is in DomainA.
Then, you try to add a user account from DomainA to the local Administrators group on the computer.
When you add the user account, you do not click Locations on the Select Users, Computers, or Groups dialog box to change the current location. Instead, you directly specify the user account in a "DomainA\Username" format.
When you are prompted for credentials, you use a smartcard for the user account in the DomainA and input the personal identification number (PIN).

In this scenario, you are repeatedly prompted for credentials. Therefore, you are unable to add the user account from DomainA.

Back to the top | Give Feedback

When you add a user account from DomainA to the local Administrators group, click Locations in the Select Users, Computers, or Groups dialog box to change the current location to DomainA. Then, specify the user account in a "Username" format instead of in a "DomainA\Username" format.