Domain Controller Local Administrator

However it is really important to change local administrator password periodically to comply with company security standards.

Domain controller local administrator. The first icon is the last user who logged on and the second icon always shows other user. Instead of showing icons for all the users with accounts on the pc it now only shows two icons. Depending on what your needs are you might be able to add the user or service account into the domain administrators group within active directory.

As a systems administrator or engineer you might run into a situation where you need to add a user or service account as a local administrator on a domain controller. In this way the branch user can be delegated the ability to effectively. This permits a local branch user to log on to an rodc and perform maintenance work on the server such as upgrading a driver.

Unfortunately domain controllers don t have the local users and groups databases once they re promoted to a domain controller. As stated in the comments either method will result in adding the domain user to the domain group builtin administrators which will then grant that user administrative permissions to active directory. The same holds true for populating the local admins group via the restricted groups feature in group policies.

You cannot add a domain user account to the local administrators group on domain controllers. Even computer is joined with domain controller sysadmins are used to keep local administrator account as a backup login account to log into the computer when domain controller is not available. The laps local administrator password solution tool allows you to centrally control and manage administrator passwords on all domain computers and store the local admin password and its change date directly in the computer type active directory objects.

About your only saving grace is that you ve used the word 2008 which means that you could deploy a read only domain controller rodc which does allow you to make users local administrators of the individual rodc without granting any domain wide permissions. You can delegate local administrative permissions for an rodc to any domain user without granting that user any user rights for the domain or other domain controllers. How to logon to a domain controller locally.

However the branch user cannot log on to any other domain controller or perform any other administrative task in the domain.