hi, from app server, command prompt, "net localgroup administrators domain\user /ADD" try it.

tried to above command, encounter below error: System error 1789 has occurred. The trust relationship between this workstation and the primary domain failed.

its clear that the trust relationship has problem, try to rejoin the app server.

its clear that the trust relationship has problem, try to rejoin the app server.

I can't add domain user into app server which located in DMZ, this serve already joined the domain through RODC but both server located in different subnet network (Both subnet are DMZ location). The firewall port already opened: app server <-> RODC (set bi-direction firewall ports) 123,137, 138,53,88,389,636 UDP 32,683,269,389,636,135, 1024 - 65535, 139, 445, 53, 88 TCP

Try to ping domain/DC from app server and check whether you have communication path between domain & App server. Try to login into the App Server using domain admin/user once. Regards, Ravikumar P

Can ping RODC and RWDC, and also can login with domain admin in application server

Hello, which error do you see when trying or is no error shown and the domain isn't to choose in the local groups? Did you use the RODC also as DNS/GC an is PRP configured for users/computers?Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

No any error, i can't choose domain (only show local computer) when i add user into local groups. The RODC have DNS and GC roles

Can ping RODC and RWDC, and also can login with domain admin in application server Hello, If you logged-in into the server using domain admin, try to add domain user to local group. 1. Are you able to find the domain user details while you adding it into local group ?Regards, Ravikumar P

Even i can successfully login the server with domain admin, but i still can't add domain user into local group. : (

Are you able to find the domain user details while you adding it into local group ?Regards, Ravikumar P

hi, from app server, command prompt, "net localgroup administrators domain\user /ADD" try it.

Hi Sam, As to the error, please refer to this KB to fix it Trust Relationship between Workstation and domain fails: http://support.microsoft.com/kb/162797 Regards, Cicely

Hi Sam, As to the error, please refer to this KB to fix it Trust Relationship between Workstation and domain fails: http://support.microsoft.com/kb/162797 Regards, Cicely