This article has been archived. It is offered "as is" and will no longer be updated.
Consider the following scenario:
You have a one-way trust relationship between two Windows Server 2003 domains.
DomainB trusts DomainA.
You log on to a computer that is in DomainB by using a user account that is in DomainA.
Then, you try to add a user account from DomainA to the local Administrators group on the computer.
When you add the user account, you do not click Locations on the Select Users, Computers, or Groups dialog box to change the current location. Instead, you directly specify the user account in a "DomainA\Username" format.
When you are prompted for credentials, you use a smartcard for the user account in the DomainA and input the personal identification number (PIN).
In this scenario, you are repeatedly prompted for credentials. Therefore, you are unable to add the user account from DomainA.
When you add a user account from DomainA to the local Administrators group, click Locations in the Select Users, Computers, or Groups dialog box to change the current location to DomainA. Then, specify the user account in a "Username" format instead of in a "DomainA\Username" format.
Type the following command at a command prompt to add the user account from DomainA to the local Administrators group:
net localgroup administrators add DomainA\Username
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.