• Status: Solved

Add local account to Domain Controller

I have a network scanner being installed that requires a local account on the server. The only server in this office is a domain controller. How do I add a local account?
0
Asked by: mhmservices
 
willettmeister Commented:
There is no such thing as a local account on a domain controller. Try adding an account and setting the login up to be domain\username.
0
 
ScottGranado Commented:
When you promo a server to a domain controller, all of the local accounts get moved into Active Directory into "builtin" users. These get propagated to all of your domain controllers in your environment.
0
 
mhmservices (Author) Commented:
I'm looking in built-in and I see the normal groups that you would see on a non-DC server under manage-users and groups.


The network scanner we are getting requires an account that can log in locally. This is a limitation of Ricoh copiers that I had to spend many hours figuring out. Domain accounts simply don't work reliably. If I go to create a new user inside the "builtin" section of ADUC I still get asked to append the domain stuff to it.
0

 
skca54 (Senior Engineer) Commented:
As mentioned above, all 'local' accounts cease to function as non-domain accounts. This is part of the security built into domain controllers. Your only option would be to set up another server that is not a domain controller.
0
 
ScottGranado Commented:
Gotcha, you want to set up an account then that's a member of the "domain admins" group; then it should be able to log in to all of your machines and DCs with administrator privileges.
0
 
willettmeister Commented:
Personally, I would use the domain admins group sparingly.

It sounds like you need to set up a domain account and then create a GPO to modify your security policy to permit the account that you set up to have the logon locally privilege.
0
 
LauraEHunter (MVP) Commented:
> "The network scanner we are getting requires an account that can log in locally."

Granting Domain Admin privileges to solve this problem is about #3 in the top 10 list of all-time bad security ideas, total overkill and not a best practice to say the least.

Create a domain account that is a normal user, and add this user to the local Administrators group of the machine(s) that the Ricoh software requires - for 1 or 2 machines you can add this account manually, or else use the Restricted Groups feature of Group Policy to add the account to the local Admins group of numerous machines.
0
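The approach from the last two answers (an ordinary domain account, local Administrators only on the machine that needs it, the "log on locally" right instead of Domain Admins), as an added PowerShell example that is not part of the original thread. The account name `svc-scanner` and machine name `SCAN01` are assumed placeholders; it needs the ActiveDirectory module and an elevated session.

```powershell
# Added example, not from the thread. 'svc-scanner' and 'SCAN01' are placeholders.
Import-Module ActiveDirectory

$Sam      = 'svc-scanner'   # assumed account name for the scanner
$Computer = 'SCAN01'        # assumed non-DC machine the Ricoh software requires
$Domain   = (Get-ADDomain).NetBIOSName

# 1. Create an ordinary domain user; by default it is only in Domain Users.
$Password = Read-Host -AsSecureString "Password for $Sam"
New-ADUser -Name $Sam -SamAccountName $Sam -AccountPassword $Password `
    -Enabled $true -CannotChangePassword $true `
    -Description 'Ricoh scanner account'

# 2. Stop if the account is in a privileged group, directly or through nesting.
$Privileged = 'Domain Admins', 'Administrators', 'Account Operators',
              'Server Operators', 'Backup Operators'
foreach ($Group in $Privileged) {
    $Hit = Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.SamAccountName -eq $Sam }
    if ($Hit) { throw "$Sam is a member of '$Group'; remove it before continuing." }
}

# 3. Local Administrators on the one member machine only (the manual variant;
#    Restricted Groups in Group Policy does the same for many machines).
Invoke-Command -ComputerName $Computer -ArgumentList "$Domain\$Sam" -ScriptBlock {
    param($Member)
    Add-LocalGroupMember -Group 'Administrators' -Member $Member
}

# 4. On the machine where this runs (for example the DC), report whether the
#    effective policy lists the account for "Allow log on locally".
$Cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $Cfg /areas USER_RIGHTS | Out-Null
$Line = Get-Content $Cfg | Where-Object { $_ -match '^SeInteractiveLogonRight' }
Remove-Item $Cfg

# Entries are '*SID' or plain names, comma separated.
$Holders = @()
if ($Line) {
    $Holders = (($Line -split '=', 2)[1] -split ',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$Sid = (Get-ADUser -Identity $Sam).SID.Value

# Only a direct grant is detected here; a grant through a group is not resolved.
if (($Holders -contains $Sid) -or ($Holders -contains $Sam)) {
    "$Sam is listed directly for SeInteractiveLogonRight"
} else {
    "$Sam is not listed directly; grant it through a GPO if the device needs it"
}
```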