Adding a user in AD

Discussion in 'MCSE' started by MCP, Dec 5, 2003.

  1. MCP

    MCP Guest

    I tried to add a user in AD yesterday, and when I added a
    new user that was only a member of the domain users group
    it created the object fine but when I logged off and try
    to logon as that user it gave me the message "local system
    policy prevents you from logging in interactivly", I know
    that according to the MS 70-215 test there answer to this
    situation is "give the user rights to log on locally". I
    do not want to do this. I want them to be able to log on
    to the domain. Next, I copied my account, the
    administrator, I was able to log on as them just fine to
    the domain, but now they are an administrator. That is
    not good. I need to be able to add them as a domain user
    only. How can this be done?
     
    MCP, Dec 5, 2003
    #1
    1. Advertising

  2. MCP

    MCSE World Guest

    Sounds to me like you created this user account and are trying to login
    locally on a Domain Controller---thus your problem. Users cannot (by
    default) login locally to a DC. If this is your situation, you will have to
    do one of the two things you mentioned: give them the right to logon
    locally or make them a member of a group that already has this right.

    Best,
    Will
    www.mcseworld.com



    "MCP" <> wrote in message
    news:0ae601c3bb2e$b6a98ac0$...
    > I tried to add a user in AD yesterday, and when I added a
    > new user that was only a member of the domain users group
    > it created the object fine but when I logged off and try
    > to logon as that user it gave me the message "local system
    > policy prevents you from logging in interactivly", I know
    > that according to the MS 70-215 test there answer to this
    > situation is "give the user rights to log on locally". I
    > do not want to do this. I want them to be able to log on
    > to the domain. Next, I copied my account, the
    > administrator, I was able to log on as them just fine to
    > the domain, but now they are an administrator. That is
    > not good. I need to be able to add them as a domain user
    > only. How can this be done?
     
    MCSE World, Dec 5, 2003
    #2
    1. Advertising

  3. MCP

    Marko Guest


    >-----Original Message-----
    >Sounds to me like you created this user account and are

    trying to login
    >locally on a Domain Controller---thus your problem.


    I'm not convinced that logging that user account onto a DC
    is the cause of this error.

    I won't give away the answer (where's the fun in that?)
    but: Isn't there a Policy that can be applied that will
    give that exact error message when you try to log onto a
    workstation? Do the words "Deny Logon Locally" sound
    familiar? Anyone???
     
    Marko, Dec 5, 2003
    #3
  4. MCP

    Alex Guest

    That's what you see when a "normal" domain user try to logon to a Domain
    Controller.


    "Marko" <> wrote in message
    news:da5301c3bb3f$d4ffe620$...
    >
    > >-----Original Message-----
    > >Sounds to me like you created this user account and are

    > trying to login
    > >locally on a Domain Controller---thus your problem.

    >
    > I'm not convinced that logging that user account onto a DC
    > is the cause of this error.
    >
    > I won't give away the answer (where's the fun in that?)
    > but: Isn't there a Policy that can be applied that will
    > give that exact error message when you try to log onto a
    > workstation? Do the words "Deny Logon Locally" sound
    > familiar? Anyone???
     
    Alex, Dec 6, 2003
    #4
  5. It will work if u select "log on locally" thats all they
    can do..they cannot change anything on the DC..they dont
    have any administrative rights... they will still be able
    to log on to the domain...they will still be in the
    domain users group. i have tried it and succeeded...wen u
    log on as a the user trying changing the time and date or
    checking the local area network settings and click on
    TCP/IP Protcol..it will tell u, u dont have the
    sufficient rights to change them..

    >-----Original Message-----
    >I tried to add a user in AD yesterday, and when I added

    a
    >new user that was only a member of the domain users

    group
    >it created the object fine but when I logged off and try
    >to logon as that user it gave me the message "local

    system
    >policy prevents you from logging in interactivly", I

    know
    >that according to the MS 70-215 test there answer to

    this
    >situation is "give the user rights to log on locally".

    I
    >do not want to do this. I want them to be able to log

    on
    >to the domain. Next, I copied my account, the
    >administrator, I was able to log on as them just fine to
    >the domain, but now they are an administrator. That is
    >not good. I need to be able to add them as a domain

    user
    >only. How can this be done?
    >.
    >
     
    Sacha Kassami, Dec 8, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gopi
    Replies:
    5
    Views:
    2,781
  2. Piccolo

    Run As (user) and User Privilege Service

    Piccolo, Oct 4, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    7,411
    Piccolo
    Oct 10, 2004
  3. lbbss
    Replies:
    0
    Views:
    1,723
    lbbss
    Feb 11, 2005
  4. Replies:
    0
    Views:
    392
  5. XeDigital

    Problem in adding new user

    XeDigital, Mar 29, 2006, in forum: MCSA
    Replies:
    7
    Views:
    470
    karan
    Apr 7, 2006
Loading...

Share This Page