Register now or log in to join your professional community.
You cannot add a domain user account to the local administrators group on domain controllers. The same holds true for populating the local admins group via the Restricted Groups feature in Group Policies. As stated in the comments either method will result in adding the domain user to the Domain group Builtin\\Administrators, which will then grant that user administrative permissions to Active Directory. You can, however, setup local administrators on Read Only DCs (RODCs)on Windows 2008 DCs and higher. This will grant local permissions to the Server without granting advanced AD permissions. RODCs were designed primarily for remote offices where a local user can be granted permissions to administer the local DC and patch the server.Here is a good article on RODCs:http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx
now it cant add local user to domain controller
Click the Strat Program -----> Administrative Tools----> Active Directroires----> Group name----> Enter the Group name after you will back again .....
New-->ueser --> enter first name and last name--> User Login and Password after click the Next it i will created both of account