Categories
Household-Waste-Disposal

How to add new user while your computer works under domain controller

The deployment settings enable you to control which users or groups can access the MED-V workspace, as well as how long the MED-V workspace can be utilized and whether it can be used offline. You can also configure additional rules to control access between the MED-V workspace and the host.

All MED-V workspace permissions are configured in the Policy module, on the Deployment tab.

To allow users to utilize the MED-V workspace, you must first add domain users or groups to the MED-V workspace permissions. You can then set permissions for each user or group.

How to Add a Domain User or Group

To add a domain user or group

In the Users / Groups window, click Add.

In the Enter User or Group names dialog box, select domain users or groups by doing one of the following:

In the Enter User or Group names field, type a user or group that exists in the domain or as a local user or group on the computer. Then click Check Names to resolve it to the full existent name.

Click Find to open the standard Select Users or Groups dialog box. Then select domain users or groups.

Click OK.

The domain users or groups are added.

Note
Users from trusted domains should be added manually.

How to Remove a Domain User or Group

To remove a domain user or group

In the Users / Groups window, select a user or group.

Click Remove.

The user or group is deleted.

How to Set Permissions for a User or a Group

To set permissions for a user or a group

Click the user or group for which you are setting the permissions.

Configure the MED-V workspace properties as described in the following table.

On the Policy menu, select Commit.

Workspace Deployment Properties

Property Description General

Enable Workspace for

Select this check box to enable the MED-V workspace for this user or group.

Workspace expires on this date

Select this check box to assign an expiration date for the permissions set for this user or group.

When selected, the date box is enabled. Set the date, and permissions will expire at the end of the date specified.

Offline work is restricted to

Select this check box to assign a time period in which the policy must be refreshed for this user or group. When selected, the time period box is enabled. Set the number of days or hours, and at the end of the specified time period, the user or group will not be able to connect if the policy is not refreshed.

Workspace deletion options

Click to set the MED-V workspace deletion options. For more information, see How to Set MED-V Workspace Deletion Options.

Support clipboard between host and Workspace

Select this check box to enable copying and pasting between the host and the MED-V workspace.

Support file transfer between the host and Workspace

Select this check box to enable transferring files between the host and MED-V workspace. Select one of the following options from the File Transfer box:

Both—Enable transferring files between the host and the MED-V workspace.

Host to Workspace—Enable transferring files from the host to the MED-V workspace.

Workspace to Host—Enable transferring files from the MED-V workspace to the host.

Note
If a user without permissions attempts to transfer files, a window will appear prompting him to enter the credentials of a user with permissions to perform the file transfer.

Important
To support file transfer in Windows XP SP3, you must disable offline file synchronization by editing the registry as follows:

REG ADD HKLMsoftwaremicrosoftwindowscurrentversionnetcache /V Enabled /T REG_DWORD /F /D 0

Click to set the advanced file transfer options. For more information, see How to Set Advanced File Transfer Options.

Enable printing to printers connected to the host

Select this check box to enable users to print from the MED-V workspace using the host printer.

Note
The printing is performed by the printers defined on the host.

Enable access to CD / DVD

Select this check box to allow access to a CD or DVD drive from this MED-V workspace.

Multiple Memberships

If the user is part of a group and permissions are applied to the user as well as to the group they are part of, all permissions are applied.

If the user is a member of two different groups, the least restrictive permissions are applied.

How would I go abouts doing this? The domain server is Server 2003 Standard 32bit. Thank you in advance!

Group Policy Preferences. In Group Policy Editor, go to Computer Configuration – Preferences – Control Panel Settings – Local Users and Groups. Right click, choose New Local User, set the Action to Create, and fill in as necessary. The new user will be created on any machine the GPO is applied to.

On Server 2003, you’ll need to connect to the domain controller from a machine running Vista or 7 using the Remote Administration Tools – I’m sure by this point you have at least one machine running one of those. XP and Vista clients will need the client side extensions installed, easily taken care of with WSUS.

The help desk software for IT. Free.

Track users’ IT needs, easily, and with only the features you need.

13 Replies

WillCAboutThat

What are you trying to accomplish by adding a local user?

Group Policy Preferences. In Group Policy Editor, go to Computer Configuration – Preferences – Control Panel Settings – Local Users and Groups. Right click, choose New Local User, set the Action to Create, and fill in as necessary. The new user will be created on any machine the GPO is applied to.

On Server 2003, you’ll need to connect to the domain controller from a machine running Vista or 7 using the Remote Administration Tools – I’m sure by this point you have at least one machine running one of those. XP and Vista clients will need the client side extensions installed, easily taken care of with WSUS.

and what group on the local PC are you wanting to add them to?

psexec x.x.x.x cmd -u username -p password
net user username password /add

where x.x.x.x – IP address of remote computer

This will add to local users (non-admin)

Psexec

psexec x.x.x.x cmd -u username -p password
net user username password /add

where x.x.x.x – IP address of remote computer

This will add to local users (non-admin)

Don’t forget that “@file Directs PsExec to run the command on each computer listed in the text file specified.”

psexec @computers.txt cmd -u username -p password net user username password /add

where computers.txt is a list of the computers you want to add the user to. One ip address or computer name per line.

Please find this subject regarding adding a local account using GPO step by step

The reason I need to do this is because for some reason the Active Directory account used for scanning will not work on users computers.. but a local account will. Is there anyway to use the psexec to create a local ADMIN account? For example in this case the user would be called “DLAKE” and I would like it to be a admin if possible.

The reason I need to do this is because for some reason the Active Directory account used for scanning will not work on users computers.. but a local account will. Is there anyway to use the psexec to create a local ADMIN account? For example in this case the user would be called “DLAKE” and I would like it to be a admin if possible.

Is DLAKE a domain (AD) account?

If yes, then this will work:

psexec x.x.x.x cmd -u DLAKE -p password

net localgroup administrators domainnameDLAKE /Add

Dlake is not a domain account.. if you are needing a domain acct it would be “Admin01”

User would be FTIAdmin01

So to get this to work for say.. 150 pcs I would do psexec x.x.x.x cmd -u Admin01 -p password net localgroup administrators FTIAdmin01 /add

Is that correct? Do I have to do that 150 times?

That seems a bit cumbersome..

Dlake is not a domain account.. if you are needing a domain acct it would be “Admin01”

Domain is FTI

User would be FTIAdmin01

So to get this to work for say.. 150 pcs I would do psexec x.x.x.x cmd -u Admin01 -p password net localgroup administrators FTIAdmin01 /add

Is that correct? Do I have to do that 150 times?

That seems a bit cumbersome..

Like David9467 mentioned above, try using a text file with list of computers, one computer name per line. Try first for 2 computers only and check.

psexec @C:computers.txt cmd -u Admin01 -p password

Connects you to first computer, then enter

net localgroup administrators FTIAdmin01 /Add

After the first computer is done, hit ‘CTRL+C’, then it automatically connects to second computer in the list. Use up arrow to repeat the second command. Like I said try for 2 computers. Worked for me.

Allow Domain User To Add Computer to Domain In this post you will see how to allow domain user to add computer to domain. This is basically allowing a user to join the workstations to the domain. You might say that a domain user can join the computers to the domain so what’s wrong? Okay, here is the right information, by default any authenticated user has this right and can create up to 10 computer accounts in the domain. If the user tries adding the 11th computer to the domain he gets the error.

As per Microsoft users who have the Create Computer Objects permission on the Active Directory computers container can also create computer accounts in the domain. The difference is that users with permissions on the container are not restricted to the creation of only 10 computer accounts. In addition, computer accounts that are created by means of Add workstations to domain have Domain Administrators as the owner of the computer account, while computer accounts that are created by means of permissions on the computers container have the creator as the owner of the computer account. If a user has permissions on the container and also has the Add workstations to domain user right, the computer is added, based on the computer container permissions rather than on the user right.

Allow Domain User To Add Computer to Domain

There are 2 ways to allow domain user to add or join computer to domain.

1) Assign rights to the user/group using the Default Domain Group policy.

2) Delegate rights to user using Active Directory Users and Computers.

Method 1 – Assign rights to the user/group using the Default Domain Group policy

To allow an user or group to add a computer to a domain you can perform the below steps.

Login to the domain controller and launch the Group Policy Management console. Right click the Default Domain Group policy and click Edit.

How to add new user while your computer works under domain controller

Allow Domain User To Add Computer to Domain

Navigate through Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Expand User Rights Assignment. On the right hand side double-click Add workstations to Domain policy.

How to add new user while your computer works under domain controller

Allow Domain User To Add Computer to Domain

Check the box Define these policy settings. Click Add User or Group and select the user or group. Click Apply and OK.

How to add new user while your computer works under domain controller

Allow Domain User To Add Computer to Domain

Method 2 – Delegate rights to user/group using Active Directory Users and Computers

Open the Active Directory Users and Computers snap-in. Right-click the container under which you want the computers to be added (In this example I am choosing the Computers container) and click on Delegate Control.

How to add new user while your computer works under domain controller

Allow Domain User To Add Computer to Domain

You will now see Delegation of Control Wizard. Click Next.

How to add new user while your computer works under domain controller

To add a user or group click Add. Once you are done click Next.

How to add new user while your computer works under domain controller

Tasks to Delegate – Click Create a custom task to delegate. Click Next.

How to add new user while your computer works under domain controller

Choose Only the following objects in the folder and check the box Computer Objects. Check the box Create selected objects in this folder. Click Next.

How to add new user while your computer works under domain controller

Permissions – Select General, select Create All Child Objects. Click Next.

How to add new user while your computer works under domain controller

Allow Domain User To Add Computer to Domain

I am running 10 pro and there is no “join domain” option at all

Go to the bottom of the ABOUT page and click RENAME THIS PC (ADVANCED)

This will take you to the original SYSTEM PROPERTIES page

Click CHANGE button and enter domain > restart > etc.

In the section “Related settings” there is a link “System Info” click this should take you to the old windows 7 system info screen. The third group down if headed “Computer name, Domain and workgroup settings” next to which is a link “Change settings”. This will take you to the old Windows 7 domain wizard. Don’t know if it will work – windows networking is always problematic in my experience

for those who don’t see “Join Domain” that’s explained in this article, I found “Advanced system settings” under “Related settings”…this brought back the old Windows interface.

i agree Michael Mast on my computer there is no join domain button somehow they need to add a button or something else.

running win10 pro. The domain does not show under networks in explorer. PC cannot connect to the domain when trying to join. Server running Server2008 with 2003 functional level. Are any changes required on the firewall required? PC’s running XP join the domain without any problem. Any ideas?

change the dns settings on the client machine to point at the server. Once connected you can change them back again if required.

Frustratingly couldn’t connect to the domain but this suggestion worked for me, went into the network settings, clicked on the ipv4 connection and clicked properties and changed automatically accept DNS address and entered the servers DNS address manually. Once updated, the laptop connected straight away. Once connected and logged in I reverted the DNS settings to automatic. Thanks a bunch for this suggest @Mark.

I can access to domain, and I can access to shared server resources, but every time I log into domain, I log in with a temporary profile.
In windows register there aren’t any .bak entry. I’ve tried to remove users, create again, remove entries in register, but always the same problem.
Do ypu hace any idea how to solve this?

Any idea why my registered workstation windows 10 machines are registered as Operating System MAC OS in my Active Directory console ? Even in my network asset inventory tool is registered as MAC OS operating system.

I appreciate any help.

How can I remove the other user choice in lock screen?

The moment I connect with my organization’s domain, my win 10 apps, start menu and task bar does not open anymore. Any idea how to resolve it?

I try the tips given above but nothing changes.after I have format my system it was win 7 b4 when I installed win 10 at the final process of the installation my battery run down. When I switched on the system it ask me to sign-in into
How do I sign-in into another domain?
And sign-in options: local or domain account password and Microsoft account.
Can anyone help me and I don’t have Microsoft account

I have upgraded to windows 10 pro but the join domain option still does not appear. The Microsoft tech reinstalled but no change. Any ideas?

Farther up the thread is mentioned that W10pro doesn’t offer “Join Domain”, need W10home edition.
The SurfacePro4 is a joke – how many decades have laptop’s been around now? And simple home networking? And MicroSoft can’t get it right with their latest and greatest portable piece of equipment?
Lets see – problems with battery charging at the most basic level, SP4’s hang at the “getting Windows ready” for hours on end, both of these problems have made it thru SP2, 3 and now the 4’s, and now can’t connect to a home network – day one I used a USB/ETH adapter because home isn’t microwaved (i mean wifi’d) and could connect everywhere, day 2 that same connection will not ping others let-alone connect to internet, nothing changed. Thanks BG/MS.

I have with me one laptop, with windows 10 pro, i am not able to join this laptop to domain. I have web domain register with godaddy.

I click to 1)This PC 2)Moves to page Control Panel->System and Security->System, 3) This shows page View Basic Information about your computer 4)I click on Change Setting link 5) It opens System Properties Page 6) I click on Change Button to which shows me my computer name and allows to become member of domain. 7)I select radio button for domain 8)Enter my domain name which i have registered with godaddy and click ok 9)it shows error as under:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:WINDOWSdebugdcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “spinfonet.com”:

The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)

Can you tell me exact procedure to join my computer to domain? and how can i configured my dns.

You need to have network access to a pc running Windows Server Edition and we are talking about Active Directory domains, not web domains.

Win 10 pro no place to join domain,i try changing from propertis in my computer till asks for username n password for domain,after entering cant connect to the domain error.advise

I found join a domain under Settings, Accounts, Access work or school, Connect, Join this device to a local Active Directory domain.

can’t find my domain but at least I have the spot to continue trying

you need to click on the “change your key” text to get to the page u want. Its a pain in the rump. that or just pressing “win + Pause/break”

I am looking into doing this in place of a VPN. Does connecting allow you to control the server PC like a VPN, or does it just let you access files?

You can create a local user account (an offline account) for anyone who will frequently use your PC. The best option in most cases, though, is for everyone who uses your PC to have a Microsoft account. With a Microsoft account, you can access your apps, files, and Microsoft services across your devices.

If needed, the local user account can have administrator permissions; however, it’s better to just create a local user account whenever possible.

Caution: A user with an administrator account can access anything on the system, and any malware they encounter can use the administrator permissions to potentially infect or damage any files on the system. Only grant that level of access when absolutely necessary and to people you trust.

As you create an account, remember that choosing a password and keeping it safe are essential steps. Because we don’t know your password, if you forget it or lose it, we can’t recover it for you.

Create a local user account

Select Start > Settings > Accounts and then select Family & other users. (In some versions of Windows you’ll see Other users.)

Next to Add other user, select Add account.

Select I don’t have this person’s sign-in information, and on the next page, select Add a user without a Microsoft account.

Enter a user name, password, or password hint—or choose security questions—and then select Next.

Change a local user account to an administrator account

Select Start >Settings > Accounts.

Under Family & other users, select the account owner name (you should see “Local account” below the name), then select Change account type.

Note: If you choose an account that shows an email address or doesn’t say “Local account”, then you’re giving administrator permissions to a Microsoft account, not a local account.

Under Account type, select Administrator, and then select OK.

Sign in with the new administrator account.

If you’re using Windows 10, version 1803 and later, you can add security questions as you’ll see in step 4 under Create a local user account. With answers to your security questions, you can reset your Windows 10 local account password. Not sure which version you have? You can check your version.

Create a local user account

Select Start > Settings > Accounts and then select Family & other users. (In some versions of Windows you’ll see Other users.)

Select Add someone else to this PC.

Select I don’t have this person’s sign-in information, and on the next page, select Add a user without a Microsoft account.

Enter a user name, password, or password hint—or choose security questions—and then select Next.

Change a local user account to an administrator account

Select Start >Settings > Accounts .

Under Family & other users, select the account owner name (you should see “Local Account” below the name), then select Change account type.

Note: If you choose an account that shows an email address or doesn’t say “Local account”, then you’re giving administrator permissions to a Microsoft account, not a local account.

Under Account type, select Administrator, and then select OK.

Kris Powell

Good news, everyone! Did you know that it is super easy to add users to Active Directory with PowerShell? Yep, not kidding. It really is super easy.

Prerequisites For Using Active Directory with PowerShell

Since we now have our lab test domain, we’re going to need to populate it with users.

Fortunately, adding user accounts to Active Directory with PowerShell is an absolute breeze. Even mad scientist wannabe’s like myself can tackle the problem head on.

First things first, we need to make certain to meet all the requirements in order to use Active Directory with PowerShell.

Make sure you have the following:

Only required if you’re running from a machine that isn’t a domain controller. Alternatively, you could remotely connect to a domain controller.

PowerShell (on and warmed up)

List of users to import into Active Directory

Coffee (or your beverage of choice)

Adding Users to Active Directory with PowerShell

First, let’s check out what commands are available for Active Directory with PowerShell. I’m going to narrow it down to all the Active Directory cmdlets that start with the word New- (since we want to create new users):

Based off the results, I’m thinking that New-ADUser is going to be the star of our blog. Let’s look at what parameters are available.

In newer versions of PowerShell on Windows 10 and later, the module PSReadLine is installed and imported by default, so I can type the following to see the parameters of New-ADUser :

(You can then press Ctrl+Space to see the list pop up, as in the screenshot below.)

Looking at the available parameters, we should have more than plenty to work with. (Definitely way too many to cover in this blog!)

Starting small seems like the prudent choice. If we can get it working with a simple example, we can start adding more and more options as we see fit.

Let’s just try creating a user with:

No news is good news. The command seems to have completed without error, so let’s go check out our new user object in Active Directory.

Looks like the account was created successfully, but there are a few things to note about the newly created account:

No password set by default

Not enabled (because there’s no password)

No basic information (such as names or user information)

No attributes defined

Default OU location (typically the default Users OU)

This seems like more work to cleanup than it might be worth. With that, let’s move on.

A more complicated example

Let’s up our game a bit more by defining some extra fields and providing a temporary password for our account with ConvertTo-SecureString .

Since I’m going to provide a lot of parameters, I’m going to utilize a technique known as splatting.

Once again, no news is good news. As mentioned above, the @Attributes is using a technique known as splatting, which uses a hash table to pass named parameters. Our $Attributes variable is being defined as a hash table in this example.

We can verify that our user is actually created:

Adding users to Active Directory with a .csv file

Now that we’ve figured out how to do some complicated examples, we want to be able to create multiple accounts at once. No more Mr. Test Guy.

Plus, I’d like to specify the OU that I’d like the accounts to reside in.

We need to match up our fields from our .csv file to the fields in Active Directory.

Here’s what our user list looks like:

Based off the screenshot above, we have less data than we did for our Test Guy account. So, we’re not going to use all the same fields that we used in the last example.

Plus, some of the columns in our .csv file are slightly different from what Active Directory is expecting, so we’ll need to make sure to map them properly in our PowerShell script.

With that, here’s one final example importing the csv (Import-Csv), integrating a loop and .csv file. (Please note that if you’re specifying a different OU, you’ll need to use the DistinguishedName attribute.

You can see that I’m using the first and last names in the .csv file to create the Name , UserPrincipalName , and the SamAccountName values. The $() syntax is for subexpressions, check out this blog for more info.

In any case, let’s go verify that our accounts were created.

Everything looks good! Our lab is ready to roll with our fancy new users.

Today was all about the basic, no frills importing of users into Active Directory. Perhaps we’ll go into a little more complicated example in the near future.

Until then, happy PowerShell-ing!

I don’t know about you, but I’m off to find a lab coat; I need to embrace my inner mad scientist persona.

I cannot add a domain user to the local administrators group of a workstation. This workstation is setup on a separate site with a RODC. I can login to the workstation as the user in question, but when I try to add the user as a local admin, I do a search for the user and he does not appear. The user is listed on the local RODC so it has replicated. I am attempting to add the user to the local admins while I am logged in as the domain admin. I have tried from control panel and computer management. Any ideas?

The first basic question I’d ask, is the computer connected to the domain, and knows to contact that RODC for info? Or is that user instead possibly a fully local user. Just getting that out of the way first.

Assuming you have that squared away, have you tried:

net localgroup administrators /add domainuser

The help desk software for IT. Free.

Track users’ IT needs, easily, and with only the features you need.

14 Replies

Can you find any domain user? Is the “Location” of the search set to the domain?

Can you log in to the computer as a user who has never logged in to it before? I wonder if it can’t contact the domain so you have to make sure it isn’t using cached credentials.

Yes, it can find some users, but not any newly created ones (created today). I have tried changing the location from the domain to entire directory. Yes, I was able to login as one of the newly created users (never logged in anywhere else before)

The first basic question I’d ask, is the computer connected to the domain, and knows to contact that RODC for info? Or is that user instead possibly a fully local user. Just getting that out of the way first.

Assuming you have that squared away, have you tried:

net localgroup administrators /add domainuser

As I got ninja’d for some of that, I’d see if the machine is trying to connect to the main domain instead of the RODC and is timing out.

It is connected to the domain.
The DNS is pointed to the RODC and the primary DC as secondary (which it can also ping)

Running the cmd line fixed the issue.
Does anyone know why this would happen?

Are you logged in the local workstation as an admin or user with rights to add the user?

I was logged in as the domain admin.

Whats the error message you are getting when adding the user fails?

sometimes it works from command line better

change user [john] and group [domain admin] (quotes required if there is a space) as necessary for your situation

I was getting “Name Not Found” and it would come up with the search option again. Now, even though the username has been added to the local admin group it still cannot find his username.

For instance I go into computer management.
Then go into the administrators group.
Click Add.
Location is set to the domain, object type includes users
In the “Enter the object names to select” I enter “randy” (without the quotes, the username is randy_j)
Then the name not found box comes up.
If I just enter R in the search box it comes up with a list of usernames but randy_j is not listed.

try using the FQDN or DOMAINUSERNAME or [email protected]

You mentioned a sperate site. Is this a seperate domain and if so which domain is this workstation in?

It is the same domain, but separate site. As I stated above, using the cmd line I was able to add the user as a local admin successfully. However, I am just trying to find out why it would not be appearing via the search from control panel and computer management.

If you logged in as the user first, there should have been a local account. I am not sure why you did not see the account, nor could find it while logged in as domain admin, but I might have tried logging in a local admin account (assuming you have a default local admin account). Not sure if it would be the solution, but I would have tried that. You may set domain policy yourself and know that there are no issues with it, but I don’t set domain policy and I often find “strange things” that I can and cannot do and or see or not see. Course I have more issues with knowing from one day to the next it seems telling standard users what they can or cannot do or how things should appear for them.

I installed ADLDS to my development machine in hopes to be able to test authentication from .NET code without having to have a separate machine (or even VM) running Active Directory. Everything went well until I tried to add a user to the “domain”. Here’s what I have done so far:

FIRST: Installed Active Directory Lightweight Directory Services (AD LDS) for Windows7, checking all the boxes for the classes and modules (sorry, can’t remember exactly what that wizard step was talking about). As a result, I’m able to connect to my domain controller using the newly-installed tool “Active Directory Sites and Services”:

How to add new user while your computer works under domain controller

THEN: Ran the “Active Directory Users and Computers” snap-in and tried to connect to my local machine as the “Domain Controller”. When I did that, here’s what I got:

But, then when I clicked OK to view the users in the domain, I got.

How to add new user while your computer works under domain controller

I understand that ADLDS stands up a lightweight Domain Controller. is it so lightweight that I can’t even add users for testing authentication? Is there something I can do or add to this instance to make users possible in ADLDS?

1 Answer 1

I can tell you how to do this (and I do below) but I first want to make a run at telling you about the cons.

The core issue is that AD domains are not the same thing as ADLDS. While the core code base is the same (ldap head, storage, replicator, . ) the protocol suite offered on top is different. And this is where it will get you. Many would say that if you’re running your app on Windows, using pure LDAP binds as a form of auth is not ideal. using Windows APIs (ex: LogonUser) is a far better path. And this sort of dependency will always fail against LDS as it is only the LDAP core, not the rest of the protocol suite.

That said, many things do work the same. And so you can create users in LDS, so long as you import the user schema extension. This used to ship with the LDS product itself (ms-user.ldf or something like this) so search for *ldf files on your disk and you should find it kicking around. Even when you do this, however, not all tools will work. Tools like the one above might or might not, I honestly can’t remember anymore. It will be a semi-random set. I predict you will never be fully satisfied.

This is not to say your dev effort can’t be successful. I have done exactly what you are doing. You just will need to learn to live w/o the full toolset. LDP and adsiedit will soon become your friends.

Expanding your domain? Monitor every domain controller and endpoint from a single console and
secure your Active Directory setup.

Get Your Free Trial Free, fully functional 30-day trial

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on his Active Directory. This helps him identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects – Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Expanding your domain? Monitor every domain controller and endpoint from a single console and
secure your Active Directory setup.

How to add a domain controller?

At times, you might want to have an additional domain controller to balance the load, and increase fault tolerance. This page elaborates the steps needed to add a domain controller to your Active Directory (AD) environment.

Step 1: Install Active Directory Domain services (ADDS)

  1. Log into your Active Directory Server with administrative credentials.
  2. Open Server Manager → Roles Summary → Add roles and features.

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

Step 2: Promote the server to a domain controller

Note: The following actions can be performed only if the user belongs to the Domain Admins group.

    Once the ADDS role is installed in this server, you will see a notification flag next to the Manage menu. Select “Promote this server to a domain controller”

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

How to add new user while your computer works under domain controller

Your system will be rebooted after replication has taken place. Verify the health of the new domain controller by running dcdiag /v from the command line.

Windows 10 with its store & cloud integration is designed to be connected to and stay in sync across multiple devices. This and other privacy concerns make it more and more preferable to have separate accounts for different users of a PC. Here’s how to add new users to a Windows 10 PC (via Microsoft account or Local account) and provide them with Administrator privileges.

Adding a New User Using a Microsoft Account

Using a Microsoft account is recommended because it keeps the PC in sync with other devices using the same Microsoft account and hence provide a consistent experience. Adding a Microsoft account would automatically connect and activate the apps such as Mail, Calendar, People, Office, OneDrive; etc and keep them updated on all devices. To add a new user (using Microsoft Account) to a Windows 10 PC, follow the steps below:

  1. Click Start, type Add Users and select the first result i.e. Add, edit or remove other users.
  2. Under Other Users, select Add someone else to this PC.How to add new user while your computer works under domain controller
  3. If you previously have a Microsoft account, enter the email address associated with it. Otherwise, select to sign up for a new one.How to add new user while your computer works under domain controller
  4. Select Finish on the next step and the initial setup is done.
  5. When the user logs in for first time, his connected apps and services will be configured and synced.

Adding a New User as a Local Account

Whilst Windows 10 does offer to add local users to the PC, it is carefully hidden causing more and more people to switch over to the Microsoft account. Following are the steps to add a new local user to the Windows 10 PC.

  1. Click Start, type Add Users and select the first result i.e. Add, edit or remove other users.
  2. Under Other Users, select Add someone else to this PC.
  3. Select The person I want to add doesn’t have an email address.How to add new user while your computer works under domain controller
  4. Select Add a user without a Microsoft Account.How to add new user while your computer works under domain controller
  5. Enter a Username and a password (if needed) and click NextHow to add new user while your computer works under domain controller
  6. Initial setup is done and Windows will install the user’s apps and services during the first sign-in.

Promoting a User as Administrator

By default, all new users are given a standard user account. To promote the user as administrator, follow the steps as mentioned below:

  1. Click Start, type Add Users and select the first result i.e. Add, edit or remove other users.
  2. Click on the user to be promoted and select Change account type.How to add new user while your computer works under domain controller
  3. Select Administrator under Account type and press OK.How to add new user while your computer works under domain controller

That’s it. The new user will now be able to add new programs or make any change to system without needing authentication from a different administrator user.