Before installing active directory services and promoting windows server to domain controller, i created 3 local users for my brothers but after joining the domain i only can see my user(administrator) and a user called other user which provide a way to sign in the local users but i cannot sign in. Can anybody tell me the correct way to sign in the other local users or tell me the way that how can i show the other local user on the log on screen.

4 Years
Discussion Span
Last Post by Fowomola

Once a server is promoted to a domain controller, you can no longer create local accounts on servers that change their role to domain controllers. From this point, you would have to create domain accounts (member servers and workstations can still have local accounts). You will need to log into the domain from either that server, or a domain joined workstation and launch the "Active Directory Users and Computers console" (ADUC). If you do not see the admin console(s) installed by default, you can add them from the control panel-->Programs and Features... These tools will be already installed on the DC that you promoted.

Once you run ADUC, you will notice a hierachial structure containing mainly system containers, two default containers you will notice is "Users" and "Computers". You can create user accounts in the "Users" container, until you create your own Organizational Units (OUs). An OU is similiar to a container, but there are slight differences in their purposes.

On computers that you will join to the domain, you should be logging on using the domain user accounts. However, you can create local accounts on domain joined computers.

Edited by JorgeM


promoted the users to server operators. now they can sign in the normal way. :)


Sounds like the issue you were really having is that you were trying to log on a DC with an account that was a member only of the "Domain Users" group. By default, the Security policy applied to DCs will not allow Domain users to interactevly log on a DC.

To rememdy that...

The user must be a member of a group that has the appropriate rights...

or for a lab/test environment, its common to modify the GPO and add in the "User Rights Assignmnet" portion of the policy, allowing Domain users to logon.


i am new to server OS, thats why facing difficulties.


The first thing you need to do when you are installing window server2012 or any version, is that you should install the ADDS(ACTIVE DIRECTORY DOMAIN SERVICES) this role contains the following; Domain,Computer,User,which enable us to manipulate on the workstations. Then make all the workstations be the member of the domain and after this you can now create user account for each workstation.you can create an OU for them and reate GPO for them this is to set security policy and permission for them.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.