Domain local group from foreign domain can be added using “net localgroup” and GC search
“Net localgroup” on a vista domain member allows adding a domain local group from a trusted domain.
The membership is there but will never work as the SID will not appear in the access token of a user or computer connecting to the machine.
The GUI allows adding the group only when you focus on the GC.
The same behavior happens on Windows XP and Windows 2003,and Windows 2008.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB959078.