Domain Controller Local Administrator

This permits a local branch user to log on to an rodc and perform maintenance work on the server such as upgrading a driver.

Domain controller local administrator. About your only saving grace is that you ve used the word 2008 which means that you could deploy a read only domain controller rodc which does allow you to make users local administrators of the individual rodc without granting any domain wide permissions. Even computer is joined with domain controller sysadmins are used to keep local administrator account as a backup login account to log into the computer when domain controller is not available. Instead of showing icons for all the users with accounts on the pc it now only shows two icons. However the branch user cannot log on to any other domain controller or perform any other administrative task in the domain.

You can delegate local administrative permissions for an rodc to any domain user without granting that user any user rights for the domain or other domain controllers. However it is really important to change local administrator password periodically to comply with company security standards. How to logon to a domain controller locally. Unfortunately domain controllers don t have the local users and groups databases once they re promoted to a domain controller.

Switch on the computer and when you come to the windows login screen click on switch user. Depending on what your needs are you might be able to add the user or service account into the domain administrators group within active directory. The laps local administrator password solution tool allows you to centrally control and manage administrator passwords on all domain computers and store the local admin password and its change date directly in the computer type active directory objects. The first icon is the last user who logged on and the second icon always shows other user.

As a systems administrator or engineer you might run into a situation where you need to add a user or service account as a local administrator on a domain controller. That said all of the caveats and warnings above still apply. The same holds true for populating the local admins group via the restricted groups feature in group policies. In this way the branch user can be delegated the ability to effectively.