Before installing active directory services and promoting windows server to domain controller, i created 3 local users for my brothers but after joining the domain i only can see my user(administrator) and a user called other user which provide a way to sign in the local users but i cannot sign in. Can anybody tell me the correct way to sign in the other local users or tell me the way that how can i show the other local user on the log on screen.

Recommended Answers

Once a server is promoted to a domain controller, you can no longer create local accounts on servers that change their role to domain controllers. From this point, you would have to create domain accounts (member servers and workstations can still have local accounts). You will need to log into …

Jump to Post

Sounds like the issue you were really having is that you were trying to log on a DC with an account that was a member only of the "Domain Users" group. By default, the Security policy applied to DCs will not allow Domain users to interactevly log on a DC.

Jump to Post

All 6 Replies

Once a server is promoted to a domain controller, you can no longer create local accounts on servers that change their role to domain controllers. From this point, you would have to create domain accounts (member servers and workstations can still have local accounts). You will need to log into the domain from either that server, or a domain joined workstation and launch the "Active Directory Users and Computers console" (ADUC). If you do not see the admin console(s) installed by default, you can add them from the control panel-->Programs and Features... These tools will be already installed on the DC that you promoted.

Once you run ADUC, you will notice a hierachial structure containing mainly system containers, two default containers you will notice is "Users" and "Computers". You can create user accounts in the "Users" container, until you create your own Organizational Units (OUs). An OU is similiar to a container, but there are slight differences in their purposes.

On computers that you will join to the domain, you should be logging on using the domain user accounts. However, you can create local accounts on domain joined computers.

promoted the users to server operators. now they can sign in the normal way. :)

Sounds like the issue you were really having is that you were trying to log on a DC with an account that was a member only of the "Domain Users" group. By default, the Security policy applied to DCs will not allow Domain users to interactevly log on a DC.

To rememdy that...

The user must be a member of a group that has the appropriate rights...

or for a lab/test environment, its common to modify the GPO and add in the "User Rights Assignmnet" portion of the policy, allowing Domain users to logon.

i am new to server OS, thats why facing difficulties.

That's OK everyone starts somewhere. Keep practicing and learning.

The first thing you need to do when you are installing window server2012 or any version, is that you should install the ADDS(ACTIVE DIRECTORY DOMAIN SERVICES) this role contains the following; Domain,Computer,User,which enable us to manipulate on the workstations. Then make all the workstations be the member of the domain and after this you can now create user account for each workstation.you can create an OU for them and reate GPO for them this is to set security policy and permission for them.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.