Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > MCSE > Adding a user in AD

Reply
Thread Tools

Adding a user in AD

 
 
MCP
Guest
Posts: n/a
 
      12-05-2003
I tried to add a user in AD yesterday, and when I added a
new user that was only a member of the domain users group
it created the object fine but when I logged off and try
to logon as that user it gave me the message "local system
policy prevents you from logging in interactivly", I know
that according to the MS 70-215 test there answer to this
situation is "give the user rights to log on locally". I
do not want to do this. I want them to be able to log on
to the domain. Next, I copied my account, the
administrator, I was able to log on as them just fine to
the domain, but now they are an administrator. That is
not good. I need to be able to add them as a domain user
only. How can this be done?
 
Reply With Quote
 
 
 
 
MCSE World
Guest
Posts: n/a
 
      12-05-2003
Sounds to me like you created this user account and are trying to login
locally on a Domain Controller---thus your problem. Users cannot (by
default) login locally to a DC. If this is your situation, you will have to
do one of the two things you mentioned: give them the right to logon
locally or make them a member of a group that already has this right.

Best,
Will
www.mcseworld.com



"MCP" <> wrote in message
news:0ae601c3bb2e$b6a98ac0$...
> I tried to add a user in AD yesterday, and when I added a
> new user that was only a member of the domain users group
> it created the object fine but when I logged off and try
> to logon as that user it gave me the message "local system
> policy prevents you from logging in interactivly", I know
> that according to the MS 70-215 test there answer to this
> situation is "give the user rights to log on locally". I
> do not want to do this. I want them to be able to log on
> to the domain. Next, I copied my account, the
> administrator, I was able to log on as them just fine to
> the domain, but now they are an administrator. That is
> not good. I need to be able to add them as a domain user
> only. How can this be done?



 
Reply With Quote
 
 
 
 
Marko
Guest
Posts: n/a
 
      12-05-2003

>-----Original Message-----
>Sounds to me like you created this user account and are

trying to login
>locally on a Domain Controller---thus your problem.


I'm not convinced that logging that user account onto a DC
is the cause of this error.

I won't give away the answer (where's the fun in that?)
but: Isn't there a Policy that can be applied that will
give that exact error message when you try to log onto a
workstation? Do the words "Deny Logon Locally" sound
familiar? Anyone???
 
Reply With Quote
 
Alex
Guest
Posts: n/a
 
      12-06-2003
That's what you see when a "normal" domain user try to logon to a Domain
Controller.


"Marko" <> wrote in message
news:da5301c3bb3f$d4ffe620$...
>
> >-----Original Message-----
> >Sounds to me like you created this user account and are

> trying to login
> >locally on a Domain Controller---thus your problem.

>
> I'm not convinced that logging that user account onto a DC
> is the cause of this error.
>
> I won't give away the answer (where's the fun in that?)
> but: Isn't there a Policy that can be applied that will
> give that exact error message when you try to log onto a
> workstation? Do the words "Deny Logon Locally" sound
> familiar? Anyone???



 
Reply With Quote
 
Sacha Kassami
Guest
Posts: n/a
 
      12-08-2003
It will work if u select "log on locally" thats all they
can do..they cannot change anything on the DC..they dont
have any administrative rights... they will still be able
to log on to the domain...they will still be in the
domain users group. i have tried it and succeeded...wen u
log on as a the user trying changing the time and date or
checking the local area network settings and click on
TCP/IP Protcol..it will tell u, u dont have the
sufficient rights to change them..

>-----Original Message-----
>I tried to add a user in AD yesterday, and when I added

a
>new user that was only a member of the domain users

group
>it created the object fine but when I logged off and try
>to logon as that user it gave me the message "local

system
>policy prevents you from logging in interactivly", I

know
>that according to the MS 70-215 test there answer to

this
>situation is "give the user rights to log on locally".

I
>do not want to do this. I want them to be able to log

on
>to the domain. Next, I copied my account, the
>administrator, I was able to log on as them just fine to
>the domain, but now they are an administrator. That is
>not good. I need to be able to add them as a domain

user
>only. How can this be done?
>.
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
adding user in contact list Gopi MCSE 5 10-10-2005 10:54 AM
Adding resource files to a form or user controle Gabriel Lozano-Morán ASP .Net 1 09-18-2005 11:51 AM
Dynamically Adding User Control with Child User Control Travis Pruitt ASP .Net Building Controls 0 01-13-2005 08:49 PM
Dynamically Adding User Control ravi sankar ASP .Net 1 08-29-2003 10:15 AM
Re: Adding user to the debug group MS News \(MS LVP\) ASP .Net 0 08-05-2003 11:33 PM



Advertisments