• Status: Solved

Add local account to Domain Controller

I have a network scanner being installed that requires a local account on the server. The only server in this office is a domain controller. How do I add a local account?
Asked by: mhmservices
 
willettmeister Commented:
There is no such thing as a local account on a domain controller. Try adding an account and setting the login up to be domain\username.
0
 
ScottGranado Commented:
When you promote a server to a domain controller, all of the local accounts get moved into Active Directory, into the "Builtin" users. These get propagated to all of the domain controllers in your environment.
0
 
mhmservices (Author) Commented:
I'm looking in built-in and I see the normal groups that you would see on a non-DC server under manage-users and groups.


The network scanner we are getting requires an account that can log in locally. This is a limitation of Ricoh copiers that I had to spend many hours figuring out. Domain accounts simply don't work reliably. If I go to create a new user inside the "builtin" section of ADUC I still get asked to append the domain stuff to it.
0

 
skca54 (Senior Engineer) Commented:
As mentioned above, all 'local' accounts cease to function as non-domain accounts. This is part of the security built into domain controllers. Your only option would be to set up another server that is not a domain controller.
0
 
ScottGranado Commented:
Gotcha, you want to set up an account that's a member of the "Domain Admins" group; then it should be able to log in to all of your machines and DCs with administrator privileges.
0
 
willettmeister Commented:
Personally, I would use the Domain Admins group sparingly.

It sounds like you need to set up a domain account and then create a GPO to modify your security policy to permit the account that you set up to have the "log on locally" privilege.
0
 
LauraEHunterMVPCommented:
> "The network scanner we are getting requires an account that can log in locally."

Granting Domain Admin privileges to solve this problem is about #3 in the top 10 list of all-time bad security ideas, total overkill and not a best practice to say the least.

Create a domain account that is a normal user, and add this user to the local Administrators group of the machine(s) that the Ricoh software requires - for 1 or 2 machines you can add this account manually, or else use the Restricted Groups feature of Group Policy to add the account to the local Admins group of numerous machines.
0
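The approach in the last answer (a normal domain user, added to the local Administrators group only on the machines that need it) can be scripted as below. This is an added example, not code posted by anyone in the thread; the account name, domain name and target machine are hypothetical placeholders. The targets must be member machines: on a domain controller the "Administrators" group is the domain's Builtin\Administrators, so adding the account there grants rights on every DC.

```powershell
# Hypothetical values; replace with your own.
$AccountName = 'svc-scanner'
$Domain      = 'EXAMPLE'
$Targets     = @('FILESRV01')   # member servers/workstations, NOT domain controllers

Import-Module ActiveDirectory

# 1. Create an ordinary domain user. The password is prompted for, not hard-coded.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$AccountName'")) {
    New-ADUser -Name $AccountName -SamAccountName $AccountName `
        -AccountPassword (Read-Host -AsSecureString "Password for $AccountName") `
        -Enabled $true -Description 'Scan-to-folder account (normal user)'
}

# 2. Guard: stop if the account sits directly in a domain-wide privileged group.
#    Get-ADPrincipalGroupMembership lists direct memberships only, not nested ones.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$memberOf   = (Get-ADPrincipalGroupMembership -Identity $AccountName).Name
$hits       = $memberOf | Where-Object { $privileged -contains $_ }
if ($hits) {
    throw "$AccountName is a member of: $($hits -join ', '). Remove it before continuing."
}

# 3. Add the account to local Administrators on each target and show the result.
foreach ($computer in $Targets) {
    Invoke-Command -ComputerName $computer -ArgumentList "$Domain\$AccountName" -ScriptBlock {
        param($member)
        $current = Get-LocalGroupMember -Group 'Administrators' |
            Select-Object -ExpandProperty Name
        if ($current -notcontains $member) {
            Add-LocalGroupMember -Group 'Administrators' -Member $member
        }
        # Review the final membership so unexpected entries are visible.
        Get-LocalGroupMember -Group 'Administrators' |
            Select-Object Name, ObjectClass, PrincipalSource
    }
}
```

For more than a handful of machines, the Restricted Groups policy mentioned in the answer is the better fit, since it re-applies the membership on every policy refresh.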
