New users (local and on domain)

Hi

Im new to server and am trying to set up user accounts.

What i want to know is whats the difference between creating a new local account and a new user account on the domain.

 
LFC1980Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

elbereth21Commented:
Hi LFC1980,
the main difference is that local accounts can only log on the specific machine on which you create them, while domain accounts can login everywhere in the domain.
Beware: on domain controllers you cannot create local accounts.

Cheers!
LFC1980Author Commented:
Sorry. i dont think i worded my question properly.

what i mean was: If i was creating a local user account, how would it differ from creating a user account on the domain.


LFC1980Author Commented:
Also: "Beware: on domain controllers you cannot create local accounts."

does that mean in a netowrk of say 5 PCs, where 1 computer is a Win 2003 server machine that is a Domain controller. You can NOT create any local user accounts on the DC.

If so does this mean you have to create local accounts on the computer you want them to access ?
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

elbereth21Commented:
So you mean the procedure?
Well, to create local users, simply open Computer Management, select Local Users and Groups and there you are.
For domain users, I think you already know you have to use Active Directory Users and Computers.
elbereth21Commented:
The answer to the second question is yes: if you want them to access a folder on a file server, they will have to enter the credentials of a local user of THAT file server. Clearly, it is better and more efficient to use domain users in this case.
LFC1980Author Commented:
Sorry....about the not being about to create users on a DC....What if you log onto that machine locally....or is that not possible.

elbereth21Commented:
No, you cannot (unless you restart the machine in Active Directory Restore Mode), simply because when a server is promoted to DC, its SAM (Account Manager) is dismounted and only a local user (the Local Administrator) is allowed to exist.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
partexCommented:
Question:
whats the difference between creating a new local account and a new user account on the domain.

Answer: Local accounts can be created on non-Domain controllers and are stored in the local SAM on the computer where you created them. They will allow a user to sit down on that machine and physically log on.  A domain account is stored in Active Directory and replicates to other Domain Controller in the domain. By using a domain account the user can log on from any machine in the domain and access resources (where they have been granted permissions to do so). Think of 10 system and 1 domain controller. If you wanted to give BOB access to the 10 systems, you would need to create a local user account on each machine. On the other hand, if you created a single domain user account on the domain Controller, he would be able to log on from any of those machine.

Question:
Also: "Beware: on domain controllers you cannot create local accounts."

does that mean in a netowrk of say 5 PCs, where 1 computer is a Win 2003 server machine that is a Domain controller. You can NOT create any local user accounts on the DC.

If so does this mean you have to create local accounts on the computer you want them to access ?

Answer: Domain controllers are designed to only support domain accounts; therefore, you cannot create a local account on that machine. YOu could still create local user accounts on the other non-domain controllers but that would result in distributing your administration of user accounts across multiple machines---the whole reason you go to a domain is to avoid having to create local users accounts on each machine. Think "centralized administration".. Create the user's account on the domain controller and they automatically can log on to the domain from ANY computer that is a member of the domain.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.