Adding local users in a 2003 Domain

I have a client machine server relationship in a Windows 2003 domain.  When I create a new user I add the new user to the AD butI also add them to the local users on the client machine.  Is this common practice? I see a lot of people only added the user to AD.  I have always done it adding them to both.  
hmcnastyAsked:
Who is Participating?
 
broeckskeConnect With a Mentor Commented:
You do not have to create the user on the local machine, that is the whole point of having a Active Directory domain, having only one point of administration for all clients in the domain.
0
 
KCTSConnect With a Mentor Commented:
Quite. Users only need to have domain accounts. they do not need and should not have accounts on the local machines - its a security risk. A few 'privilaged' users may occiaionally need to be administrators on the local machine, you can grand this right (sparingly), by adding their domain account to the local administrators group (or use a restricted group in group policy), but I repeat - domain uses do not need local user accounts.
0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
I agree - there's no real point to it in a domain environment.  In a workgroup environment, this is necessary, but not at all in a domain environment.  And as KCTS says, doing so can create a security risk (and a lot more work for you).
0
 
hmcnastyAuthor Commented:
Thanks guys.  All answers helpful.  I think the reason I started doing it that way was due to an access file and at the time the only way I knew how to make it accessable was by added the local user account.  Now i knwo differently.  

Thanks
0
All Courses

From novice to tech pro — start learning today.