Remote editing user accounts

AD domain Windows 2003 R2
Clients : Domain-connected Clients Windows XP fully pathed

Is it possible to remotely edit the user-accounts on the Clients. NOT the local user-accounts, but User-accounts created on the Clients at:
Start -> Control Panel -> User Accounts , where it is possible to define AD-domain Accounts ?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Download and install the windows server 2003 support tools.  There is a tool included, active directory users and computers, that will allow you to edit everything for Active Directory.  To only modify the local users and groups on a remote computer, use the computer management interface and connect to the desired computer.
olefiskAuthor Commented:
Hi rogerard

Thanks for the prompt answer.
Surely I'm using Active Directory users and computers.
But managing local users and groups via the Management Console does only show users created as local client-accounts, not accounts created on the CLient as a Domain-Account.
The Issue is: When a specific domain-user logs on a specific domain-attached Workstation, the User shall have specific rights, t.ex Super User or Remote Desktop User.
Please see attached file which shows the User-Accounts on Workstation, where "V1a-988" is Workstation Name, "Titan" is AD-domain, and "des" is Domain-user

Rt Click Computer Management (Local), and connect to another computer.

Enter the workstation name, and you know have the Remote "Local Users and Groups".... Should be good for most tasks....

IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

From command line....

"C:\WINDOWS\system32\mmc.exe" /s /computer="COMPUTERNAME" C:\WINDOWS\system32\lusrmgr.msc
Or via PSExec...


Then you can access all your net.exe commands as if you were sitting in front of the box.......

olefiskAuthor Commented:
Hi johnb6767

Thanks for Your Prompt Answers, but Your suggestions only shows the local users ......., not the locally created AD-Domain-users.
Thanks for the Advice concerning PStools, PSExec works fine, but I can't figure out the command showing all the User-Accounts which is shown under Control Panel -> User Accounts.
From the command prompt type net users to get a list of accounts.
olefiskAuthor Commented:
Hi again rogerard

Sorry but it still only shows the Local users, the ones which not logon to the AD-domain
Ok.  This one took me a bit to track down, but I think I may have finally prevailed!  :)  So here's the pickle....  The user that you're seeing when you are looking at the basic User Accounts window on a Vista or Windows 7 box does not display the same information that is in the advanced Users and Computers manager.  The so-called local Domain IDs aren't actually ID's created on the remote box,  but instead are Domain IDs that have been added to the local groups.  When you manage the remote computer and go look at the local groups, you will see listed there the users you're looking for.

If you would like to do this through a command prompt, using the pstools and psexec, if you run the command, net localgroup <group name>, you 'll get the users of the group name.  You can then pipe the results into a text file.  Good luck!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thats why I wasnt understanding. An AD User is not a local user but you will see an AD user in a Local Group. Any of the methods will do this above.....

"Sorry but it still only shows the Local users, the ones which not logon to the AD-domain"

Unless the Deny Logon Locall Right is populated with certain Domain Users/Groups, then ANY Domain User can logon to the PC. The reason you add them to the Local Groups is because you map thier AD account to local groups for permissions on the local box.....

olefiskAuthor Commented:
Hi rogerard and jonhb6767

Sorry for the delayed reply.
Thanks for Your efforts.

Seems to work fine with the net localgroup <group name>, but is heavy stuff to use on 100 workstations.....
Have tested  the possibility to add and delete users in the local groups, and it works !!
Somebody must have made a GUI-application/interface to handle this, I guess I'm not the only one, who puts domain-users into the local groups.
olefiskAuthor Commented:
have found an amazing tool, that handles the local usergroups:
Hyena from
Works like a charm !!!!!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.