XP Local Group add prblem - Object Picker Incomplete

[PHELPS, SCOTT]

Thanks for the response.  Same problem still, more information...

> > First of all sorry for having to cross-post here, but I got no
response
> > on the main list.  I just subscribed here, so here I go...
> 
> Sorry! Our response automats were at lunch today! :))))

LOL

> 
> > I have successfully and seamlessly merged my NT Domain from a
Windows
> > PDC to a Samba PDC running 2.2.8a.  All the logins, machine
accounts,
> > and RIDs/SIDs were successfully cloned by me to an LDAP backend.  I
even
> > kept the profiles.
> >
> > I've worked out most of all the little issues that cropped up, but
this
> > one has me totally stumped:
> >
> > Here's the situation.
> >
> > I've got a suXP Pro box with SP1 on it that whenever I try to add
any
> > 'domain_user' to any 'local_group' it gives me the following error
> > message:
> >
> > "Information returned from the object picker for object "<username>"
was
> > incomplete.  The object will not be processed."
> >
> > A couple notes:
> > 1. This is not a problem on Windoze 2K or NT - it works all day.
> >
> > 2. I have fixed the three relevant Registry keys:
> >
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
> > quiresignorseal = 0)
> >
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
> > quirestrongkey = 0)
> 
> Did you reboot after changing the registry settings? Quite essential!

Absoloutely!  :-)
These entries are required to *join* the Domain, and that has already
been done (which required another reboot).   :-)

 
> > 3. I also changed the following Group policy to 'enabled':
> > Computer Configuration\Administrative Templates\System\User
Profiles\Do
> > not check for user ownership of Roaming Profile Folders
> >
> > 4. The XP box is a domain member with a machine$ account.  It has
Domain
> > Admins in the Local Admins Group, as well as Domain Users in the
Local
> > Users Group.  If I add the user to the 'domain admin group' on Samba
she
> > does inherit Local Admin rights.  So every thing is working fine
> > **except** the ability to add a user specifically from the Domain to
the
> > Local Group!
> 
> Sorry. You have to do this manually on each network client windows
> workstation.


That's what I am doing (trying to do):  
...add a _Samba_Domain_Member to the _Local_Administrator_Group from the
_Local_Machine_ logged in to it as the _Samba_Domain_Administrator_
and/or _Local_administrator.  Sorry if I wasn't clear on that.


> > 4. I have Googled for days, and nobody has come up with an answer in
> > previous postings.
> > FYI:
> > An example search....
> >
http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&con
> > fig=samba_lists_samba_org&restrict=&exclude=&words=object+picker+
> >
> > If there is anyone out there who is able to add a Domain User to a
local
> > Group on an suXP Pro box, please contact me.  I would like to know
what
> > you did (or didn't do).
> 
> You must log onto the network client as administrator of the local
> machine, then add the domain groups you want to add to the local
groups.
> Normally, the Domain Admins group is auto-added to the Local
> Administrators group on joining the domain.

Like I said,   the _Samba_Domain_Admin_Group AND
_Samba_Domain_User_Group **are** in the _Local_Admin_ and _Local_User_
groups respectively.  This automagically took place when I joined it to
the domain.  (As it should)

I already tried as a _Local_Admin_ as well.  All that does is require a
password to access the list of _Domain_Members_.  Again the same error
message persists after selecting the _Local_Administrator_Group_ then
selecting the individual _Domain_User_ from the Samba Domain I want to
add to it - then clicking "add":

Boom:
************************************************************************
"Information returned from the object picker for object "<username>" was
incomplete.  The object will not be processed."
************************************************************************

BTW.  To be real specific... 
This applies to adding **Any*Domain*Object* to any *Local*Object* 

So if you or anybody *can* do what the above line states.  I am very
curious,  are you pre SP1?  

Is anybody else encountering the same issue I am having?

Thanks again,

--
Scott P.