Can users with local accounts authenticate against Active directory?

I have 100 Macs that have local user accounts. I need to have them authenticate against active directory for printing. Is it possible to add active directory authentication without causing them to create new accounts? Could they continue using the same local accounts?
jerryesdAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Unfortunately no. You need an AD Account to Authenticate against the domain. What you can do is setup the users machine with a IP printer directly to the machine. This will bypass the print server and go directly to the printer.

If you have any restrictions on the printer for this you will need to modify them for this to work. Other than that you will be required to create new accounts.

Will.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Yes, you can. As long as the local account has the same name and password as a domain account, that is.
Will SzymkowskiSenior Solution ArchitectCommented:
The user was specifically asking if this was possible without creating additional AD Accounts.
without causing them to create new accounts?

Could they continue using the same local accounts

Local accounts cannot authenticate against a domain.

Will.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
I read that as without causing them to create new accounts on the local machine (Mac).
jerryesdAuthor Commented:
Let me clarify. We have a server acting as a print server which runs PaperCut. AD is not set up on this server. Users have local accounts of their Macs. They have a PaperCut print client on their computer which they use to authenticate against PaperCut.

I am going to set up AD on the print server. I will the create user accounts in AD for each user. My goal is to get laptop users to authenticate against AD. This will eliminate the need for users to log into the PaperCut print client as I can have PaperCut use AD for authentication instead.

My question is if there is a way that these laptop users with local accounts can authenticate against user accounts in AD.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
That should work as stated in http:#a40647595
jerryesdAuthor Commented:
OK. So the process would be to create an account with the same username and password as the local account on the laptop and then join the computer to the network account server?
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Only the print server needs to be joined to the domain, if you mean that.
serialbandCommented:
When you join a domain and use a domain account, you will get a 2nd account on the Mac even if you already have a local account with the same name, just as you would with Windows.  They have different SIDs and the 2nd account would have an extension in the folder name as well as different user permissions no matter what you do.

It's best to just create a local admin account first, join the domain, and make sure you enable mobile accounts.  Then log in with the domain account.

If you have an existing user account, you can always copy the settings (files and folders) of the local account to the domain account to copy the environment settings afterwards.  Then change the ownership of all the files and folders that got copied.  No matter what you do, you will have at least one local account in addition to the domain account.  It's always best for a laptop user to have a local backup account in any case.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
There is no need to join the domain!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.