• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 337
  • Last Modified:

New users (local and on domain)

Hi

Im new to server and am trying to set up user accounts.

What i want to know is whats the difference between creating a new local account and a new user account on the domain.

 
0
LFC1980
Asked:
LFC1980
  • 4
  • 3
2 Solutions
 
elbereth21Commented:
Hi LFC1980,
the main difference is that local accounts can only log on the specific machine on which you create them, while domain accounts can login everywhere in the domain.
Beware: on domain controllers you cannot create local accounts.

Cheers!
0
 
LFC1980Author Commented:
Sorry. i dont think i worded my question properly.

what i mean was: If i was creating a local user account, how would it differ from creating a user account on the domain.


0
 
LFC1980Author Commented:
Also: "Beware: on domain controllers you cannot create local accounts."

does that mean in a netowrk of say 5 PCs, where 1 computer is a Win 2003 server machine that is a Domain controller. You can NOT create any local user accounts on the DC.

If so does this mean you have to create local accounts on the computer you want them to access ?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
elbereth21Commented:
So you mean the procedure?
Well, to create local users, simply open Computer Management, select Local Users and Groups and there you are.
For domain users, I think you already know you have to use Active Directory Users and Computers.
0
 
elbereth21Commented:
The answer to the second question is yes: if you want them to access a folder on a file server, they will have to enter the credentials of a local user of THAT file server. Clearly, it is better and more efficient to use domain users in this case.
0
 
LFC1980Author Commented:
Sorry....about the not being about to create users on a DC....What if you log onto that machine locally....or is that not possible.

0
 
elbereth21Commented:
No, you cannot (unless you restart the machine in Active Directory Restore Mode), simply because when a server is promoted to DC, its SAM (Account Manager) is dismounted and only a local user (the Local Administrator) is allowed to exist.
0
 
partexCommented:
Question:
whats the difference between creating a new local account and a new user account on the domain.

Answer: Local accounts can be created on non-Domain controllers and are stored in the local SAM on the computer where you created them. They will allow a user to sit down on that machine and physically log on.  A domain account is stored in Active Directory and replicates to other Domain Controller in the domain. By using a domain account the user can log on from any machine in the domain and access resources (where they have been granted permissions to do so). Think of 10 system and 1 domain controller. If you wanted to give BOB access to the 10 systems, you would need to create a local user account on each machine. On the other hand, if you created a single domain user account on the domain Controller, he would be able to log on from any of those machine.

Question:
Also: "Beware: on domain controllers you cannot create local accounts."

does that mean in a netowrk of say 5 PCs, where 1 computer is a Win 2003 server machine that is a Domain controller. You can NOT create any local user accounts on the DC.

If so does this mean you have to create local accounts on the computer you want them to access ?

Answer: Domain controllers are designed to only support domain accounts; therefore, you cannot create a local account on that machine. YOu could still create local user accounts on the other non-domain controllers but that would result in distributing your administration of user accounts across multiple machines---the whole reason you go to a domain is to avoid having to create local users accounts on each machine. Think "centralized administration".. Create the user's account on the domain controller and they automatically can log on to the domain from ANY computer that is a member of the domain.

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now