Adding local users in a 2003 Domain

I have a client machine server relationship in a Windows 2003 domain.  When I create a new user I add the new user to the AD butI also add them to the local users on the client machine.  Is this common practice? I see a lot of people only added the user to AD.  I have always done it adding them to both.  
hmcnastyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

broeckskeCommented:
You do not have to create the user on the local machine, that is the whole point of having a Active Directory domain, having only one point of administration for all clients in the domain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian PiercePhotographerCommented:
Quite. Users only need to have domain accounts. they do not need and should not have accounts on the local machines - its a security risk. A few 'privilaged' users may occiaionally need to be administrators on the local machine, you can grand this right (sparingly), by adding their domain account to the local administrators group (or use a restricted group in group policy), but I repeat - domain uses do not need local user accounts.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
I agree - there's no real point to it in a domain environment.  In a workgroup environment, this is necessary, but not at all in a domain environment.  And as KCTS says, doing so can create a security risk (and a lot more work for you).
0
hmcnastyAuthor Commented:
Thanks guys.  All answers helpful.  I think the reason I started doing it that way was due to an access file and at the time the only way I knew how to make it accessable was by added the local user account.  Now i knwo differently.  

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.