Solved

Add domain user to local admin account

Posted on 2009-04-07
12
276 Views
Last Modified: 2013-11-25
Hi,

I have a Win 2003 domain called COMPANY, most of the computers in the office are members of that domain, the usual.    I also have a new PC called NEWBOX.

I want to add a domain account from the COMPANY domain to that PC called NEWBOX  with out having to make that NEWBOX a member computer in the domain.  Can that be done?  It's connected and the workgroup name is the same as the COMPANY domain.

All this is just so I can log processes from that PC using Perfmon !  And as far as I know perfmon has to be able to "see " that computer some how !?!

Cheers'
Dave

0
Comment
Question by:Dave_Cason
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 18

Expert Comment

by:Americom
ID: 24089221
no, the pc has to be in the domain..

0
 
LVL 25

Accepted Solution

by:
Ron M earned 500 total points
ID: 24089245
You can't make a domain user a member of a local user group without being joined to the domain.
You can however, make a local user account with admin privilages, that is the same user/pass as the domain account.

You can authenticate to that computer from command line from any remote machine as long as you have that local user pass...  
net use \\computername\ipc$ /user:computername\Adminuser yourpassword

This should allow you admin access to the machine from a domain computer.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24089282
Same workgroup name as the domain name still share nothing as pretty much everything in the workgroup has nothing to do with the domain.

Any reason you cannot make join the machine to the domain? Or what exactly are you trying to accomplish?
0
 
LVL 15

Expert Comment

by:zelron22
ID: 24089285
Be aware that whenever the AD password or the workstation password change, they will need to be resynced.

So you either need to make one/both not expire or prepare to resynchronize them.
0
 

Author Comment

by:Dave_Cason
ID: 24089303
Yea, thought so .....

What about using perf mon .... anyway around that ?

Cheers'
Dave
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24089379
If you can successfully authenticate to the machine using a local admin user/pass.......
net use \\ipaddress\ipc$ /user:ipaddress\LocalAdminuser yourpassword
...then you should be able to use perfmon.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24089386
If you are trying to setup  a perfmom to remotely monitor this PC, there is a field where you can input username and password as you wish to run as.
0
 

Author Comment

by:Dave_Cason
ID: 24089578
Yep, that was the whole point of this ....

I need to watch some system activivty on a PC with out running the perf mon on that local system.  

I know in perf mon you can point it to another PC but I thought that PC had to be a member of the same domain and I know in perf mon to go to add counter and point it to another box but I've never seen where you can input a user name and password.

Can you tell me how to please?

Cheers'
Dave

0
 
LVL 18

Expert Comment

by:Americom
ID: 24089658
Run Perfmom and do Performance Logs and Alerts.
There will be a Run as Field for you to enter computername\username and password.
That's the one you should use to remote monitor and capture etc.
0
 

Author Comment

by:Dave_Cason
ID: 24098504
Sorry, I had another look and I don't see where that's posable.

I opened Perfmon on my PC, it's an MMC snapin and its ver 5.1.2600.55512 and under Perf Logs and Alerts, I expand the menu and I get three choices Counter Logs - Trace Logs - and Alerts .....I don't see
where I can find thsi run as field.  Maybe I'm not on the same software tool as you. I don't know.

Are you're saying run the perfmon locally on that machine and log it there,and then review it from another box later?  I was hoping to run the perfmon on machine B to watch the actitvity on machine A in real time.

Cheers'
Dave

0
 
LVL 18

Expert Comment

by:Americom
ID: 24099004
You were just there and if you find the the counter logs etc, just right click on them and create a new log setting then the next window popup will have the Run As field. If you don't want to create a new setting, under the counter logs, there's already one created for you called "System...." and once you right click on it, you will also see the Run As option as well. I thought that would be the appropriate solution to monitor any machine remotely and that is what the Counter Logs, Trace Logs and Alerts are for exactly what you are trying to do. Creating addition local account is just not an appropriate solution as if you have to monitor another, you will have to create and manage another account...high maintenance. ..
0
 

Author Comment

by:Dave_Cason
ID: 24100198
OK, I'll go have a look .... thanks again for the help!
0

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now