Steps Taken so far:C:\PsTools>psgetsid PsGetSid v1.43 - Translates SIDs to names and vice versaCopyright (C) 1999-2006 Mark RussinovichSysinternals - www.sysinternals.com SID for \\******:S-1-5-21-1620753259-4084368910-2385565570 C:\PsTools>psgetsid account PsGetSid v1.43 - Translates SIDs to names and vice versaCopyright (C) 1999-2006 Mark RussinovichSysinternals - www.sysinternals.com Error querying account:The trust relationship between this workstation and the primary domain failed.-------------------------------------------------------Net View and Net use to Domain Controller = OK-------------------------------------------------------Windows Login and Map Drive = Okay.-------------------------------------------------------Test Effective Permissions using Domain User Account = Windows can't calculate the effective permissions for ************* <AD Account>

It seems that the computer is not joined domain properly. Please exit domain, remove the computer unit from the Active Directory. Then re-join the computer to domain.Arthur Xie - MSFT

Hi Arthur,I have attempt the step above for countless times and the result is the same.I however read something about NTLMv2 and NTLM and LM communications. That certain version of client is not compactiable with older NTLM communications.Just for your info my Domain has2 DC,Windows 2000 AD/GC server and a windows 2003 AD/GC.Could this be the possible issue with the incompactiable between Windows 7 and older Computer when attempting to do a NTLM/NTLMv2 communication? if possible also provide me the link to Technet acticle on the NTLM version different for all the OS.Also if this is the cause, could you provide me some information on the work about.

Hi,I think I have the same problem as you.I get this error when i want to add a user to the local Administrators group (or any other) on the windows 7 machine."The trust relationship between this workstation and the primary domain failed."this is my 4th clean install of windows 7 on which i try this. 4 different machines. All are back to Vista / XP Now.on those i have tried to rejoin the domain with different names multiple times.now i have Windows 7 installed in Virtual Machine and have the same problem.i Install Win7, Join to domain as DOMAIN\Administrator (select "Do not add a user at this time", otherwise i get the error about relationship)Reboot and login as DOMAIN\Administrator. All works fine, my login script runs, i can access network drives. But when i try to add a new user to the local administrators group i get the trust relationship popup.Also it cant resolve 1 SID showed in the Local Administrators (i think DOMAIN\Administrators)Let me know if you have a Solution for this.

I read somewhere it could also due to older OS like Windows 2000 not able to understand kerboses. and Windows 7/2008 r2 blocking older NTLMv1but so far no1 has reply officially to my query. i will have to remove my Windows 2000 DC and test further.

My problem seems to be solved ! :Dthanks to this topic.http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7d0bb953-3514-4475-8f00-5f624f5f6b00Adding the user as an Local administrator only works if you first logon as that user, than use elevated privileges to add that user.you have to do this for every user you want to add :( so it seems its not possible to add multiple users on forehand. you have to ask every user to logon for you so you can add them as administrator for future use.Hope i dont run into more problems.

Hi, There should not be Kerberos authentication problems between Windows systems. When did you get "The trust relationship between this workstation and the primary domain failed" and Access Denied error messages? The default NTLM authentication level is different in Windows 7. I suggest that you change the level to Send LM & NTLM - use NTLMv2 session security if negotiated Please refer: Network security: LAN Manager authentication levelArthur Xie - MSFT

Hi Arther,1. I get "The trust relationship between this workstation and the primary domain failed" when my Logon script /Scriptlogic tries to detect the local admin level of the logon account.2. I do get access denied during accessing to File Share on 2003r2 file server. (this happens onWindows 7 x64 however same setup on Windows 7 x86 failes to replicate the same error.)I will take ur suggestion on LAN Manager Authentication level and will feedback once i get any results.

Hi SCHT,Does the solution help? Arthur Xie - MSFT