Understanding Domain and Local User Accounts in Windows

Windows has two types of user accounts: domain and local. Domain accounts are managed centrally and grant access across the network, whereas local accounts grant access to a single device. This guide covers the fundamentals of understanding and managing both account types for better security and access control.

You Should Know:

1. Creating a Local User Account in Windows:

To create a local user account, use the following command in Command Prompt (Admin):

net user <username> <password> /add

Replace `<username>` and `<password>` with your desired credentials.

2. Adding a User to a Domain:

To create a user account in the domain, use the following PowerShell command (it requires the ActiveDirectory module):

New-ADUser -Name "JohnDoe" -GivenName "John" -Surname "Doe" -SamAccountName "johndoe" -UserPrincipalName "johndoe@yourdomain.com" -Path "OU=Users,DC=yourdomain,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true

3. Switching from Local to Domain Account:

Domain accounts can sign in to a computer only after it has been joined to the domain. To join a computer to a domain, use:

Add-Computer -DomainName "yourdomain.com" -Credential "yourdomain\adminuser" -Restart

4. Managing Domain Users:

To list all users in a domain, use:

Get-ADUser -Filter * -SearchBase "DC=yourdomain,DC=com"

5. Resetting Passwords:

To reset a local user password:

net user <username> <newpassword>

For domain accounts:

Set-ADAccountPassword -Identity "johndoe" -NewPassword (ConvertTo-SecureString "NewP@ssw0rd" -AsPlainText -Force) -Reset

6. Deleting Accounts:

To delete a local user:

net user <username> /delete

To delete a domain user:

Remove-ADUser -Identity "johndoe"

7. Checking Account Status:

To check if a local account is active (see the "Account active" line in the output):

net user <username>

For domain accounts:

Get-ADUser -Identity "johndoe" -Properties Enabled

8. Enabling/Disabling Accounts:

To disable a local account:

net user <username> /active:no

For domain accounts:

Disable-ADAccount -Identity "johndoe"

9. Group Management:

To add a user to a local group:

net localgroup <groupname> <username> /add

For domain groups:

Add-ADGroupMember -Identity "Domain Admins" -Members "johndoe"

10. Auditing Account Logins:

Enable auditing of successful and failed logons in Windows (run from an elevated prompt):

auditpol /set /subcategory:"Logon" /success:enable /failure:enable
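
Once the Logon subcategory is audited, successful and failed logons are written to the Security log as events 4624 and 4625. The following added example (not part of the original post) summarizes failed logons by whether the target account is local or domain; the function names and the scope heuristic are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: classify recent logon events as local, domain or built-in.
# The scope rule is a heuristic assumed for this example, not a Windows API.

function Get-LogonScope {
    param([string]$AccountDomain, [string]$ComputerName = $env:COMPUTERNAME)
    $builtin = 'NT AUTHORITY', 'Window Manager', 'Font Driver Host'
    if ([string]::IsNullOrEmpty($AccountDomain)) { return 'Unknown' }
    if ($builtin -contains $AccountDomain)       { return 'BuiltIn' }
    if ($AccountDomain -eq $ComputerName)        { return 'Local' }
    return 'Domain'   # anything else is treated as a domain account
}

function Get-LogonEventSummary {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4625     # 4624 = successful logon, 4625 = failed logon
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue suppresses the error raised when no events match
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="..."> elements into a hashtable
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
                Account   = '{0}\{1}' -f $fields.TargetDomainName, $fields.TargetUserName
                Scope     = Get-LogonScope -AccountDomain $fields.TargetDomainName
                LogonType = $fields.LogonType   # 2 = interactive, 3 = network, 10 = RDP
                Source    = $fields.IpAddress
            }
        }
}

# Failed logons per scope and account over the last day, noisiest first
Get-LogonEventSummary -Hours 24 |
    Where-Object Result -eq 'Failure' |
    Group-Object Scope, Account |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

For failed logons the domain field holds whatever the client supplied, so treat the Local/Domain split as a triage aid rather than proof of where the account lives.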

What Undercode Say:

Understanding the differences between domain and local accounts is crucial for effective system administration and security. Domain accounts are ideal for centralized management in large networks, while local accounts are suitable for standalone systems. Always ensure strong password policies, regular audits, and proper group management to maintain a secure environment. For further reading, check out Microsoft’s official documentation on Active Directory.

References:

Reported By: Shamseer Siddiqui – Hackers Feeds