You cannot add a user account from a trusted Windows Server 2003 domain to the local Administrators group on the computer when you use an account of the trusted domain together with a smartcard

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
Consider the following scenario:
  • You have a one-way trust relationship between two Windows Server 2003 domains.
  • DomainB trusts DomainA.
  • You log on to a computer that is in DomainB by using a user account that is in DomainA.
  • Then, you try to add a user account from DomainA to the local Administrators group on the computer.
  • When you add the user account, you do not click Locations on the Select Users, Computers, or Groups dialog box to change the current location. Instead, you directly specify the user account in a "DomainA\Username" format.
  • When you are prompted for credentials, you use a smartcard for the user account in the DomainA and input the personal identification number (PIN).
In this scenario, you are repeatedly prompted for credentials. Therefore, you are unable to add the user account from DomainA.
WORKAROUND

Workaround 1

When you add a user account from DomainA to the local Administrators group, click Locations in the Select Users, Computers, or Groups dialog box to change the current location to DomainA. Then, specify the user account in a "Username" format instead of in a "DomainA\Username" format.

Workaround 2

Type the following command at a command prompt to add the user account from DomainA to the local Administrators group:
net localgroup administrators add DomainA\Username
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Properties

Article ID: 937472 - Last Review: 01/16/2015 02:24:48 - Revision: 1.0

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • kbnosurvey kbarchive kbexpertiseinter kbtshoot kbprb KB937472
Feedback