Story – Creating a new local lab environment using VMware Workstation for Guest OS Windows Server 2008 R2 with SP1.
I created a Domain Controller SERVER-A and created some domain service accounts (svc-A) that were to be used as Administrators on member servers.
After attaching a new guest SERVER-B as a domain computer, I tried adding the svc-A account under the local administrators group. It would let me add the account, but as soon as I added (and applied), the svc-A account would disappear from the local Administrators group.
So I try to add that account again – and – error – “Account svc-A is already a member of this group”
Culprit – my sysprep process. For Windows Server 2008 R2, I did not check the “Generalize” option, and that would not create a new SID for the member server.
I had to check the “Generalize” option, which then creates a new SID, which then allows me to add and view a domain account under local administrators for that member server.