I've been through some pain with this recently and thought I would share it with the list.
I discovered that I couldn't use NET LOCALGROUP to add AD domain groups with more than 20 characters to local groups on workstations and member servers, e.g. net localgroup Administrators "mydomain\group name longer than 20" /add After failing to find any good explanation on the web, I spoke to PSS. They told me that there the 20 character limit is imposed to provide backward support for NT 4.0 group names. The workaround they suggested was to use the CUSRMGR command line tool from the Windows 2000 Resource Kit, e.g. CUSRMGR.EXE -u "GROUPNAME LONGER THAN 20" -alg "MYGROUP" This works fine for me. Tony List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
