Hi:
I've got a windows 2008 sp2 domain, numerous DCs all using DFS replication. There are user accounts in the domain that you can't add to a group. When you go to the group membership tab, add a user, it looks the user up in the domain, and just fails to find the user. I've tried by searching via Pre-Windows 2000 name or via the UPN ofuser@domain.local, but no luck. I can open up the same problematic user, and add the user to the group via the user object. This doesn't happen to all users, only a few. I've combed through their security tab and all looks to be OK there too. Doesn't seem to matter if I try this from the admin tool side on a workstation or via the AD tools on a DC, same result.
Any suggestions?
thanks