Announcement

Collapse
No announcement yet.

How to create a domain account (on a workstation)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to create a domain account (on a workstation)

    I have a very basic question and is as follows. I know how to create a domain account in Active Directory Users and Computers, but I'm not quite sure how to proceed.

    Since we are in AD and are using GPO, should I, upon joining a computer to a domain, go to Control Panel\User Accounts create the newly created account there? Or can the newly created user just log in to that machine and that's that?

    Please be as verbose as possible, the addition of documentation, URLs on this basic topic would also be appreciated (if even needed).

    The practice used to be to create the newly created account on the workstations as well and then choose if this will be a limited, power user or an admin account.

    PS: I wasn't entirely sure if the AD forum is the correct one or should I be posting this under client OSs. Please move it as needed.

  • #2
    Re: How to create a domain account (on a workstation)

    I'm thinking you're interested in knowing how to take a domain user and make them a local admin on their box???

    Otherwise, I'm afraid I'm as confused as you. Please elaborate (brevity is fine on what you are trying to do / unable to do currently.

    I take it Domain Admins are in the Local Administrators group and Domain Users are in the PC's Local Users Group.
    Cheers,

    Rick

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

    Comment


    • #3
      Re: How to create a domain account (on a workstation)

      rvalstar, thank you for the quick reply.

      I'll try to explain it a bit better.

      Before I got to my current employer, the previous administrator used the following procedure (with new users).

      - requested that an account in AD be created (he didn't do that on his own),
      - received the confirmation that the account has indeed been created,
      - went to the workstation and CP\User Accounts and created the account there (usually an admin one).

      My question is, is this normal practice or even necessary?

      I'd like that all the users be limited users and if someone or a group would need elevated permissions, that they'd receive them through GPO.

      So what is normal, prefered practice?

      - the account gets created in AD,
      - I log the new user on the workstation (should I create an account on the workstation in advance or not?).
      When if at all does it make sense to do so? When making them admin on the workstation?

      I'd gladly provide more details if needed. I just basically need to know if the user should have it's own account on each workstation they log on, or can they just log on without me creating the account on the workstation itself?

      How do you do this?

      Comment


      • #4
        Re: How to create a domain account (on a workstation)

        Hi, JohnyD.
        As far as I understand from reading your lines, it really seems like the right thing to do (or at least, not harmless).
        The users need to be created in the AD. I understand that you (as your predecessor) are not responsible for this action, so asking for the user account to be created and waiting for acknowledgment is OK.
        Next, by entering Control Panel -> User Accounts, I assume that he just added the new user to the right local group, instead waiting for the user to first login, create the profile and only then define it's membership to the local groups.
        I attach a screenshot of the Control Panel -> User Account control. As you can see, it does not allow you to add users, but to decide which (domain) users will have what rights on the specific computer.
        Last edited by sorinso; 9th November 2007, 21:28.

        Sorin Solomon


        In order to succeed, your desire for success should be greater than your fear of failure.
        -

        Comment


        • #5
          Re: How to create a domain account (on a workstation)

          sorinso, thank you for your reply as well.

          I'm just wondering if the extra step of first adding the domain user is even needed (common practice).
          Wouldn't it be better/easier to just login with the users credentials, the profile gets created, I make the appropriate changes and leave it at that. I only need the users to be limited users, if I'd need them to have local admin, then I can see why adding them to begin with makes sense.

          So my procedure would be:

          - requested that an account in AD be created,
          - receive the confirmation that the account has indeed been created,
          - logon with the users credentials and do any necessary changes if needed (I'd very much like to do as little as possible and control all the settings using GPO).

          Or is this not the correct, normal way of doing this?

          Comment


          • #6
            Re: How to create a domain account (on a workstation)

            I don't think that there is a "correct" or "normal way". You should use the method that suites you most.
            If you need the users to be just users, then there is nothing extra to do. The process should look like this:
            - the user account is created in the AD;
            - one can log in to a computer with this account;
            - a profile will be created based on the Default User profile existing on the specific computer. The user will be automatically added to the local Users group;
            - the login script will run;
            - any settings coming from the GPO will be applied.

            If you later will need to give specific users elevated privileges, you can use the net localgroup command, like this:
            net localgroup Administrators [domain\user] /add

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: How to create a domain account (on a workstation)

              I'm a bit confused, but if I'm understanding the question correctly, there is no need to create a new user on a workstation, as if the computer is on the domain and you log in as a domain user, it will automatically set up the appropriate user folders, etc. You may have to set domain users into a particular type of group other than users (e.g. Power Users, etc.).
              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: How to create a domain account (on a workstation)

                You are right. There is no need. This is what I said in my post, do you think there's need to rephrase?

                Sorin Solomon


                In order to succeed, your desire for success should be greater than your fear of failure.
                -

                Comment


                • #9
                  Re: How to create a domain account (on a workstation)

                  Thank you very much for all your assistance. Makes it a lot clearer now.

                  Comment

                  Working...
                  X