Add local account to Domain Controller

There are no such thing as a local account on a domain controller.  try adding an account and and setting the login up to be domain\username.

when you promo a server to a domain controller then all of the local accounts get move into active directory into "bultin" users.  These get propagated to all of your domain controllers in your environment.

I'm looking in built-in and I see the normal groups that you would see on a non-DC server under manage-users and groups.


The network scanner we are getting requires an account that can log in locally. This is a limitation of Ricoh copiers that I had to spend many hours figuring out. Domain accounts simply don't work reliably. If I go to create a new user inside the "builtin" section of ADUC I still get asked to append the domain stuff to it.

As mentioned above all 'local' accounts cease to function as non-domain accounts. This is part of the security built into domain controllers. Your only option would be to setup another server that is not a domain controller.

gotcha, you want to setup an account then that's a member of the "domain admins" group, then it should be able to login to all of your machines and DC's with administrator privileges

personally I would use the domain admins group sparingly.  

It sounds like you need to setup a domain account and then create a gpo to modify you security policy to permit the account that you setup to have the logon locally privilege.