ArnoldMishaev-6326 asked rr-4098 answered

Member server 2019 cannot add user account from Trusted domain

Hi everybody,

We're in the middle of a migration project to migrate all objects from Domain A to Domain B; right now we are trying to migrate "security translation",
and we're facing an issue when trying to add an administrator account from trusted Domain B to a member server in Domain A; see the screenshot below.
[Screenshot: 204738-image.png]

We successfully managed to add the administrator account from Domain B to the local administrator groups on all member servers in Domain A, except one server.


LimitlessTechnology-0326 answered ArnoldMishaev-6326 commented

Hello

Thank you for your question and for reaching out. I understand you are having issues related to adding users to a group from Domain A to Domain B.

The error message "A member could not be added to or removed from the local group because the member does not exist" is a generic Windows error. When I searched online, I found that this error can occur when there is a duplicate SID in the computer OS. I found the ntdsutil tool to find and clean up duplicate SIDs.


https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/ntdsutil-find-clean-duplicate-security-identifiers



--If the reply is helpful, please Upvote and Accept as answer--


This is not the issue.

rr-4098 answered ArnoldMishaev-6326 commented

You are using a two-way trust, correct?


Yes, correct.

rr-4098 replied to ArnoldMishaev-6326:

Have you checked the firewall logs for any dropped or blocked traffic?


There is no firewall; both domains sit in the same segment\LAN.

rr-4098 answered

Is it possible it could be duplicate SIDs, as suggested in the following article?

https://docs.microsoft.com/en-us/answers/questions/40034/ad-connect-setup-a-member-could-not-be-added-to-or.html
