samba - Aug 2009 - net rpc group addmem gives NT_STATUS_ACCESS_DENIED

On Fri, Aug 28, 2009 at 1:41 PM, Avinash Rao <avinash.aol at gmail.com>
wrote:
> On Fri, Aug 28, 2009 at 2:36 AM, Alex Crow<acrow at integrafin.co.uk>
wrote:
> >
> >> Alex,
> >>
> >> I have been trying to use "root preexec" to add domain
users to Power
> >> users group on the local workstation, it never works..
> >>
>
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#autopoweruserscript
> >>
> >> Have you used this??
> >>
> >> thanks
> >> Avinash
> >
> > We do this by setting up a scheduled task (as SYSTEM) which will run a
> > batch file from a netlogon share on one of the dc's. The batch
file does
> > all of the stuff using windows commands.
> >
> > We have something in the logon script that if you are a local admin,
it
> > will set up that scheduled task, thus, when we set up a new PC, we log
> > it on as root once, and the scheduled task will forevermore do what we
> > want it to do as the SYSTEM user on each local box.
> >
> > If you need more details I can give you example logon.bat and what we
> > call "root.bat" files.
> >
> > Cheers
> >
> > Alex
> > --
> > This message is intended only for the addressee and may contain
> > confidential information.  Unless you are that person, you may not
> > disclose its contents or use it in any way and are requested to delete
> > the message along with any attachments and notify us immediately.
> >
> > "Transact" is operated by Integrated Financial Arrangements
plc
> > Domain House, 5-7 Singer Street, London  EC2A 4BQ
> > Tel: (020) 7608 4900 Fax: (020) 7608 1200
> > (Registered office: as above; Registered in England and Wales under
> > number: 3727592)
> > Authorised and regulated by the Financial Services Authority (entered
on
> > the FSA Register; number: 190856)
> >
> >
>
> Alex,
>
> Thank you for your reply. I don't mind giving your logon.bat files.
> I tried to execute this manually and here's what is happening...
>
> #net rpc group addmem "Administrators" "Domain Users" \
-S WINPCO32
> Password:
> Usage: 'net rpc group addmem <group> <member>
>
> root at sunbox:~# net rpc group addmem "Power Users"
"domain_name\username"
> Password:
> Could not add domain_name\username to Power Users: NT_STATUS_NO_SUCH_ALIAS
>
> I replaced the domain_name with the name of the domain and username
> with the appropriate user account.
>
> what does this error mean?
>
> Thanks
> Avinash
>
I noticed another error if i tried to add a new user temp to the "Domain
Users" group.

root at sunbox:~# net rpc group addmem "Domain Users" temp
Password:
Could not add temp to Domain Users: NT_STATUS_ACCESS_DENIED