Ping a Specific Port

Question

David Bullock

Asked: 2011-04-29 05:50:07 +0800 CST2011-04-29 05:50:07 +0800 CST 2011-04-29 05:50:07 +0800 CST

Why are there no local users and groups on Windows 2K3/2K8 domain controllers?

772

MS have taken great pains to remove 'Local Users and Groups' from the GUI tools, and even if you tickle up lusrmgr.msc directly it complains that the snap-in won't run on a domain controller.

The question is "why not?" Why doesn't it make sense for a DC to have local security groups?

1 Answers

Voted

TheCompWiz · Answer 1 · 2011-04-29T05:55:00+08:00

Best Answer

TheCompWiz

2011-04-29T05:55:00+08:002011-04-29T05:55:00+08:00

In short, the "local users" become "domain users". Microsoft opt'ed to only allow 1 authentication repository for 1 computer. When you promote a computer to a domain controller, the local authentication repository is used to store domain accounts. Since there is no longer a set of local users/groups/etc... you're only left with domain users & accounts. In all honesty, having "local" users on a domain controller really defeats the purpose of having a domain controller in the first place.

15

Why are there no local users and groups on Windows 2K3/2K8 domain controllers?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?