domain user account -vs- local user account

Posted on 2011-10-10
Last Modified: 2012-05-12
I've just finished building a domain controller to change our network from a WORKGROUP to a more manageable and secure domain.
I've only created a few user accounts and (domain) security groups at the moment and I'm adding computers (that are rarely used) so I can do configuration and testing.
I'm adding them by right-clicking My Computer > Properties > Computer Name > Change... > clicking Domain (in Member of...) and typing in the domain.
I then use the user account that I created and click OK.  Restart the computer, log in and everything looks OK.
I need to access data from the old local user account and cannot do this because the new domain user account is "standard" or "power user" or something.  Can I make it so it is part of the Local Administrators?
Question by:Reece Dodds
    LVL 4

    Expert Comment

    Yes.  Right click My Computer, select Manage.  Computer Management window opens.  Expand Local Users and Groups, select Groups, add your domain users to the group Administrators
    LVL 3

    Accepted Solution

    If they had a "local" account on that machine previously, use a tool called ProfWiz to migrate the old profile to their new domain profile.

    Direct link:

    LVL 7

    Author Comment

    by:Reece Dodds
    @ ChiefTechGuru:  I know how to do this, but I use Run... control userpasswords2 and log in with a local administrative account to add them to the group.  It works, but I'd need to do this on every single one of the 40 clients...
    Is there a way that I can have this done for me with a GPO or once off login script?

    @mwiener1:  I will try this tool.  Thanks for the suggestion.  But, I do want to have the domain user profiles have full access to their local machine still...
    LVL 4

    Expert Comment

    You can run the command NET LOCALGROUP /ADD <DOMAIN>\<USER>.  If you combine with PSEXEC, you could complete the task of adding users to Local Admin group at the server.
    LVL 3

    Expert Comment

    If you use the tool above, they will be local admins if the local account was previously a local admin. It basically copies the settings from the old local account to the new domain account. I find it to be one of the most useful tools around.

    Expert Comment

    My Computer > Properties > Computer Name > Change

    or add user to the folder's permission list to allow access
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran

    Since you have moved from Workgroup to Domain. the domain users by default will have minimum level of access to the local system.

    You can add the user to Administartors group. but it will be removed automatically by group policy.

    To give the Administrator rights to the user. Add the user to restricted group in group policy.

    Check the link below to configure the restricted group.

    LVL 7

    Author Closing Comment

    by:Reece Dodds
    Awesome tool.  Did the job perfectly.  Thanks!

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now