
Can users with local accounts authenticate against Active Directory?

jerryesd asked:
I have 100 Macs that have local user accounts. I need to have them authenticate against Active Directory for printing. Is it possible to add Active Directory authentication without causing them to create new accounts? Could they continue using the same local accounts?

Will Szymkowski, Senior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

Commented:
Unfortunately no. You need an AD account to authenticate against the domain. What you can do is set up the user's machine with an IP printer directly to the machine. This will bypass the print server and go directly to the printer.

If you have any restrictions on the printer for this you will need to modify them for this to work. Other than that you will be required to create new accounts.

Will.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Yes, you can. As long as the local account has the same name and password as a domain account, that is.
Will Szymkowski, Senior Solution Architect

Commented:
The user was specifically asking if this was possible without creating additional AD Accounts.
"without causing them to create new accounts?"

"Could they continue using the same local accounts"

Local accounts cannot authenticate against a domain.

Will.
Qlemo, "Batchelor", Developer and EE Topic Advisor

Commented:
I read that as without causing them to create new accounts on the local machine (Mac).

Author

Commented:
Let me clarify. We have a server acting as a print server which runs PaperCut. AD is not set up on this server. Users have local accounts on their Macs. They have a PaperCut print client on their computer which they use to authenticate against PaperCut.

I am going to set up AD on the print server. I will then create user accounts in AD for each user. My goal is to get laptop users to authenticate against AD. This will eliminate the need for users to log into the PaperCut print client as I can have PaperCut use AD for authentication instead.

My question is if there is a way that these laptop users with local accounts can authenticate against user accounts in AD.
Qlemo, "Batchelor", Developer and EE Topic Advisor

Commented:
That should work as stated in http:#a40647595

Author

Commented:
OK. So the process would be to create an account with the same username and password as the local account on the laptop and then join the computer to the network account server?
Qlemo, "Batchelor", Developer and EE Topic Advisor

Commented:
Only the print server needs to be joined to the domain, if you mean that.
When you join a domain and use a domain account, you will get a 2nd account on the Mac even if you already have a local account with the same name, just as you would with Windows.  They have different SIDs and the 2nd account would have an extension in the folder name as well as different user permissions no matter what you do.

It's best to just create a local admin account first, join the domain, and make sure you enable mobile accounts.  Then log in with the domain account.

If you have an existing user account, you can always copy the settings (files and folders) of the local account to the domain account to copy the environment settings afterwards.  Then change the ownership of all the files and folders that got copied.  No matter what you do, you will have at least one local account in addition to the domain account.  It's always best for a laptop user to have a local backup account in any case.
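
The join-and-migrate steps from the comment above, as an added shell example that is not part of the original thread. The domain, account names and home paths passed in are placeholders, and `join_domain`, `migrate_home` and `DRY_RUN` are names made up for this example.

```shell
#!/bin/sh
# Added example. Domain, account names and home paths passed in are placeholders;
# join_domain, migrate_home and DRY_RUN are names made up for this example.

# Bind the Mac to AD with mobile accounts enabled. Run from the local admin
# account. With DRY_RUN=1 (the default) the command is only printed for review.
# No -password is given, so dsconfigad prompts for it instead of exposing it
# in the process list or shell history.
join_domain() {
    set -- dsconfigad -add "$1" -username "$2" -computer "$3" \
        -mobile enable -mobileconfirm disable -localhome enable
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Copy the old local home into the domain account's home, then give the domain
# account ownership of everything that was copied. Run as root (sudo).
migrate_home() {
    src=$1; dst=$2; owner=$3
    if [ "$src" = "$dst" ]; then
        echo "source and destination are the same home: $src" >&2
        return 1
    fi
    if [ ! -d "$src" ]; then
        echo "local home not found: $src" >&2
        return 1
    fi
    if [ ! -d "$dst" ]; then
        echo "domain home not found (log in once as the domain user): $dst" >&2
        return 1
    fi
    cp -Rp "$src"/. "$dst"/ || return 1   # "/." also copies dotfiles
    chown -R "$owner" "$dst"
}
```

The local account and its home stay in place after the copy, which leaves the local backup account the comment recommends.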
Qlemo, "Batchelor", Developer and EE Topic Advisor

Commented:
There is no need to join the domain!