>>>>>>>>>>>> > > I am having the same issue. 2 DC with 2008 functional level on

>>>>>>>>>>>> > >
>>>>>>>>>>>> > >
>>>>>>>>>>>> > >
>>>>>>>>>>>> > > In news:ff16fb66104eb8cb299260e82fa6@msnews.microsoft.com,
>>>>>>>>>>>> > > Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de> requesting

>>>>>>>>>>>> > > the following:
>>>>>>>>>>>> > > Hello DangerMaus,
>>>>>>>>>>>> > >
>>>>>>>>>>>> > > If i follow your steps i can not reproduce your problem. It works

>>>>>>>>>>>> > > expected in my test domain. Functional level is also 2008.
>>>>>>>>>>>> > >
>>>>>>>>>>>> > >

>>>>>>>>>>>>>> On Thursday, October 15, 2009 6:37 PM Guillermo Taylor wrote:

>>>>>>>>>>>>>> Hello all. I have the same issue and I do sysprepped the VMs. My VMs are TechNet licenced, BTW. If you guys have any ideas or workaround on what can be happening, please advise.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I will try to create a VM from scratch and add it to the domain and see if the same behavior happens; I will let you know.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Guillermo
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay [Microsoft Certified Trainer] wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain usergroup to local admin group problem
>>>>>>>>>>>>>> 24-Dec-08
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> mike1610 <mike1720@yahoo-dot-com.no-spam.invalid> requesting assistance,
>>>>>>>>>>>>>> typed the following:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Clones? Did you sysprep the machines first or simply added a clone with
>>>>>>>>>>>>>> identical SIDs? Sysprep will force the installation to create a brand new
>>>>>>>>>>>>>> SID for all components that have a SID associated to it is identity. If not,
>>>>>>>>>>>>>> I can see why this may be happening and why I cannot reproduce it.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --?
>>>>>>>>>>>>>> Ace
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>>>>>>>>>>>> confers no rights.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
>>>>>>>>>>>>>> Microsoft Certified Trainer
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> For urgent issues, you may want to contact Microsoft PSS directly.
>>>>>>>>>>>>>> Please check http://support.microsoft.com for regional support phone
>>>>>>>>>>>>>> numbers.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Previous Posts In This Thread:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> DangerMau wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Add domain user\group to local admin group problem
>>>>>>>>>>>>>> I have two Windows Server 2008 servers. One is a DC and the other is a member
>>>>>>>>>>>>>> server. I created a global security group in AD and tried to add it as a
>>>>>>>>>>>>>> member of the local Administrators group of the member server. I am able to
>>>>>>>>>>>>>> add it but if I open it back up the group is not listed. I have tried to
>>>>>>>>>>>>>> other tests and if I click Apply instead of OK the domain group\user
>>>>>>>>>>>>>> disappears instantly.
>>>>>>>>>>>>>> If I try to add the same domain group\user it says that they are already
>>>>>>>>>>>>>> members once I click OK\Apply.
>>>>>>>>>>>>>> Any Ideas?
>>>>>>>>>>>>>> -dm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> DangerMau wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> RE: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> More info:
>>>>>>>>>>>>>> I am running these both as Virtual Machines in Virtual Server 2005 R2 SP1.
>>>>>>>>>>>>>> They are both differencing disks built from the same parent disk (the parent
>>>>>>>>>>>>>> is a base install of Server 2008). I sysprepped the member server before
>>>>>>>>>>>>>> joining it to the domain.
>>>>>>>>>>>>>> I have since added a third member server (built from same parent disk and
>>>>>>>>>>>>>> sysprepped as well) with the same results. I tried doing it with a Vista
>>>>>>>>>>>>>> member server and had no problem.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -dm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "DangerMaus" wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Richard Mueller [MVP] wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Restricted Groups in Group Policy can enforce the membership in local
>>>>>>>>>>>>>> Administrators groups. It sounds like this is happening to you. There are
>>>>>>>>>>>>>> several kb articles on this, such as:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://technet.microsoft.com/en-us/library/cc756802.aspx
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Richard Mueller
>>>>>>>>>>>>>> MVP Directory Services
>>>>>>>>>>>>>> Hilltop Lab - http://www.rlmueller.net
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Jorge Silva wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>> can you describe the exact steps?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> I hope that the information above helps you.
>>>>>>>>>>>>>> Have a Nice day.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Jorge Silva
>>>>>>>>>>>>>> MCSE, MVP Directory Services
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>>>>>>>>> This posting is provided "AS IS" with no warranties, and confers no rights.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> DangerMau wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> This is a fresh install with no custom setting in AD. I checked and I did not
>>>>>>>>>>>>>> see any Restricted Groups configured in the default domain policy.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -dm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "Richard Mueller [MVP]" wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> DangerMau wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> So I have a default install of Server 2008 with ADDS role added (using 2008
>>>>>>>>>>>>>> functional level). The Windows 2008 member server is a default install as
>>>>>>>>>>>>>> well.
>>>>>>>>>>>>>> On the DC, I create a global security group in AD, create a new user and add
>>>>>>>>>>>>>> it to that group.
>>>>>>>>>>>>>> On the member server, I open Server Manager, expand Local Users and Group,
>>>>>>>>>>>>>> open the properties of the local Administrators group, and add the Group from
>>>>>>>>>>>>>> AD.
>>>>>>>>>>>>>> If I immediately click OK and then open the properties of the local
>>>>>>>>>>>>>> administrators group it does not list the AD group I added.
>>>>>>>>>>>>>> I have rebooted by VMs and checked the group membership after an hour or
>>>>>>>>>>>>>> more just in case and still no group.
>>>>>>>>>>>>>> Now if I try to add the group again it will let me, but once I click OK it
>>>>>>>>>>>>>> will then say that the AD group is already a member of the local
>>>>>>>>>>>>>> Administrators group.
>>>>>>>>>>>>>> I think that is it but let me know if you need more info.
>>>>>>>>>>>>>> -dm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "Jorge Silva" wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay [Microsoft Certified Trainer] wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> typed the following:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Curious, what functional mode is the domain in?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --??
>>>>>>>>>>>>>> Ace
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>>>>>>>>>>>> confers no rights.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
>>>>>>>>>>>>>> Microsoft Certified Trainer
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> For urgent issues, you may want to contact Microsoft PSS directly.
>>>>>>>>>>>>>> Please check http://support.microsoft.com for regional support phone
>>>>>>>>>>>>>> numbers.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> DangerMau wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> Functional level is Server 2008.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -dm
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "Ace Fekay [Microsoft Certified Trainer]" wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Jorge Silva wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain user\group to local admin group problem
>>>>>>>>>>>>>> Ok, can you try to remove that member server from the domain and re-add it
>>>>>>>>>>>>>> again? then test.
>>>>>>>>>>>>>> Also check if you have errors in eventvwr.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> I hope that the information above helps you.
>>>>>>>>>>>>>> Have a Nice day.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Jorge Silva
>>>>>>>>>>>>>> MCSE, MVP Directory Services
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>>>>>>>>>>>> This posting is provided "AS IS" with no warranties, and confers no rights.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> mike172 wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain usergroup to local admin group problem
>>>>>>>>>>>>>> is a member
>>>>>>>>>>>>>> as a
>>>>>>>>>>>>>> able to
>>>>>>>>>>>>>> tried to
>>>>>>>>>>>>>> group\user
>>>>>>>>>>>>>> already
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Maybe this has something to do with licensing issue? Not
>>>>>>>>>>>>>> enough client access license maybe?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> mike172 wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain usergroup to local admin group problem
>>>>>>>>>>>>>> the same storage based virtual xen server environment. I can add the
>>>>>>>>>>>>>> domain user to the local admin groups on one of the windows 2008
>>>>>>>>>>>>>> member server (this member server is also virtual machine on the same
>>>>>>>>>>>>>> storage), but the domain user does not show up in the local admin group
>>>>>>>>>>>>>> window and because of that this domain user does not have admin rights
>>>>>>>>>>>>>> on the local server, trying to readding gain to the local admin group
>>>>>>>>>>>>>> says "this user is already member of this group", any
>>>>>>>>>>>>>> ideas?
>>>>>>>>>>>>>> assistance, typed
>>>>>>>>>>>>>> as
>>>>>>>>>>>>>> environment.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> mike172 wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain usergroup to local admin group problem
>>>>>>>>>>>>>> installing all the servers separately not using the clones, looks
>>>>>>>>>>>>>> like this is the issue with virtual environment.
>>>>>>>>>>>>>> is a member
>>>>>>>>>>>>>> as a
>>>>>>>>>>>>>> able to
>>>>>>>>>>>>>> tried to
>>>>>>>>>>>>>> group\user
>>>>>>>>>>>>>> already
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay [Microsoft Certified Trainer] wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re: Add domain usergroup to local admin group problem
>>>>>>>>>>>>>> mike1610 <mike1720@yahoo-dot-com.no-spam.invalid> requesting assistance,
>>>>>>>>>>>>>> typed the following:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Clones? Did you sysprep the machines first or simply added a clone with
>>>>>>>>>>>>>> identical SIDs? Sysprep will force the installation to create a brand new
>>>>>>>>>>>>>> SID for all components that have a SID associated to it is identity. If not,
>>>>>>>>>>>>>> I can see why this may be happening and why I cannot reproduce it.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --?
>>>>>>>>>>>>>> Ace
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>>>>>>>>>>>>> confers no rights.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
>>>>>>>>>>>>>> Microsoft Certified Trainer
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> For urgent issues, you may want to contact Microsoft PSS directly.
>>>>>>>>>>>>>> Please check http://support.microsoft.com for regional support phone
>>>>>>>>>>>>>> numbers.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> EggHeadCafe - Software Developer Portal of Choice
>>>>>>>>>>>>>> .NET Web Services - Exception Handling And Non-Exception Error Handling

>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>> ASP.NET 4.0 browser capabilities
>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/668c15e2-9fe5-4a7a-94ac-001af0bf4d1b/aspnet-40-browser-capabilities.aspx