XP Local Group add prblem - Object Picker Incomplete

Mon Aug 18 22:10:22 GMT 2003

On Tue, 19 Aug 2003, PHELPS, SCOTT wrote:

> First of all sorry for having to cross-post here, but I got no response
> on the main list.  I just subscribed here, so here I go...

Sorry! Our response automats were at lunch today! :))))

> I have successfully and seamlessly merged my NT Domain from a Windows
> PDC to a Samba PDC running 2.2.8a.  All the logins, machine accounts,
> and RIDs/SIDs were successfully cloned by me to an LDAP backend.  I even
> kept the profiles.
>
> I've worked out most of all the little issues that cropped up, but this
> one has me totally stumped:
>
> Here's the situation.
>
> I've got a suXP Pro box with SP1 on it that whenever I try to add any
> 'domain_user' to any 'local_group' it gives me the following error
> message:
>
> "Information returned from the object picker for object "<username>" was
> incomplete.  The object will not be processed."
>
> A couple notes:
> 1. This is not a problem on Windoze 2K or NT - it works all day.
>
> 2. I have fixed the three relevant Registry keys:
> (HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
> quiresignorseal = 0)
> (HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
> quirestrongkey = 0)

Did you reboot after changing the registry settings? Quite essential!

>
> 3. I also changed the following Group policy to 'enabled':
> Computer Configuration\Administrative Templates\System\User Profiles\Do
> not check for user ownership of Roaming Profile Folders
>
> 4. The XP box is a domain member with a machine$ account.  It has Domain
> Admins in the Local Admins Group, as well as Domain Users in the Local
> Users Group.  If I add the user to the 'domain admin group' on Samba she
> does inherit Local Admin rights.  So every thing is working fine
> **except** the ability to add a user specifically from the Domain to the
> Local Group!

Sorry. You have to do this manually on each network client windows
workstation.

>
> 4. I have Googled for days, and nobody has come up with an answer in
> previous postings.
> FYI:
> An example search....
> http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&con
> fig=samba_lists_samba_org&restrict=&exclude=&words=object+picker+
>
> If there is anyone out there who is able to add a Domain User to a local
> Group on an suXP Pro box, please contact me.  I would like to know what
> you did (or didn't do).

You must log onto the network client as administrator of the local
machine, then add the domain groups you want to add to the local groups.
Normally, the Domain Admins group is auto-added to the Local
Administrators group on joining the domain.

- John T.
-- 
John H Terpstra
Email: jht at samba.org