Windows 10: Add a work user in Windows 10 connected to Domain

Discus and support Add a work user in Windows 10 connected to Domain in AntiVirus, Firewalls and System Security to solve the problem; Hi, I've got a simple issue that I would like to get some insight and possibly Microsoft would implement in a working state. First of all I would... Discussion in 'AntiVirus, Firewalls and System Security' started by Power2077, Dec 2, 2020.

  1. Power2077 Win User

    Add a work user in Windows 10 connected to Domain


    Hi,

    I've got a simple issue that I would like to get some insight and possibly Microsoft would implement in a working state.

    First of all I would like to start with a PC that is joined to the Domain. Due to security Purposes we would like to have the user log in to the system without needing to connect to our network. I already suggested DirectAccess, however this company is big and probably won't implement that within the next few years And without us IT guys having to get user's password to login to the system after imaging before mailing the laptop to the user, which defeats the purpose of password security. We use Remote Software to sometimes get into the system when the user can't login to Windows and we login to VPN. However that is like 5% out of 95% chance it works.

    In Windows 10, there is a option to add a user from the domain. Control Panel > User Accounts > User Accounts > Manage User Accounts > Add

    Add a work user in Windows 10 connected to Domain dd985701-b441-4d89-b1b6-76f50a867d95?upload=true.png

    I tested this and the user still needs to connect to your Domain network in order to login the first time to cache the profile on the system. My guess its because Windows 10 Contacts the Domain in order to create the profile in the C:\Users which only happens when user logs into Windows. I feel this "Add a Domain Account" is a waste of feature if the user already has permission to login to this system through AD and need to be on the Domain network anyways.

    I feel like Microsoft can take this a step further and implement this feature all the way.

    Like, 1. We OIT Admins login to the system for the first time after its been imaged

    2. We OIT Admins add user to the system from the feature mentioned above The system then contacts the DOMAIN and says, "Hey, this user is being added to the system. Then it copies whatever attributes from AD onto the system, like username and password"

    3. We OIT Admins can send the laptop to the user and user can login without us remoting in first for VPN, or needing to be in the office and on domain network.

    I've been thinking about this because of COVID-19 and it helps when the user doesn't need to drive to the office and when the user lives in a different State. Also, this would help in the future to make things easier for us OIT Admins/Tech. Seems like many people, company would benefit this a lot. I've tried googling but haven't seen someone using this feature and it worked.

    Or if Microsoft won't, I would like to implement this into our environment somehow using Powershell and Batch script but I need to know how the Laptop Contacts the Domain when a user logs in the computer the first time or what file would tell me that. With all many files/folders/locations, I'm having many difficulties.

    Any comments, ideas, info would be greatly appreciated.

    Thank you,

    :)
     
    Power2077, Dec 2, 2020
    #1
  2. changari Win User

    Raising the windows domain and forest issues?


    hi,

    I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
    That went off without any problems.. Our trust relationships had no issues also.

    My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
    These are the features for raising the levels to 2008:

    • Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
    • Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    • Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    • Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

    Forest Level Windows Server 2008

    • Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.


    My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

    The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

    Domain Level Windows Server 2008 R2

    • All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

    Forest Level Windows Server 2008 R2

    • All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:


    • Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
    • All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

    Here is my big concerns for the next raising of domain and forest to 2012.

    Forest Level Windows Server 2012:

    • All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
    • All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

    Domain Level Windows Server 2012 R2: <=====
    Need to investigate more and why this post

    • DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:


    • Authenticate with NTLM authentication <==============(what issues may arise)
    • Use DES or RC4 cipher suites in Kerberos pre-authentication
    • Be delegated with unconstrained or constrained delegation
    • Renew user tickets (TGTs) beyond the initial 4-hour lifetime


    Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
    and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

    Has anyone gone through this? what problems did you have, if any , if a lot???

    Any thoughts and suggestions will be much appreciated??

    thanks


    - - - Updated - - -

    One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
    PLEASE LET ME KNOW
     
    changari, Dec 2, 2020
    #2
  3. Windows 10Pro unable to login 2008 domain from domain user after upgrade

    • I upgraded our Windows 7 Pro to Windows 10 and it's done successfully
    • When I log in with domain Administrator account and it works fine
    • But when I tried to log in with existing domain user or new domain user after entering the password the welcome screen shows then sign out immediately

    • Windows 10 Pro is activated by digital license
    • Windows 10Pro inbuilt antivirus only
    • Windows 2008 R2 Domain controller -- Forest and domain set as 2008 R2

    [Moved from: Windows / Windows 10 / Windows update, recovery, & backup]
     
    Ayyanar Sithanandhan, Dec 2, 2020
    #3
  4. Add a work user in Windows 10 connected to Domain

    active domain

    Hello,

    There are ways to view your computer's domain name in Windows 10. You can follow the steps below to view your computer's domain name (If your computer is connected to a domain):

    • Right-click on the Start button and select System.
    • Click on the Advance system settings link on the left pane.
    • On the Advance system settings window, you can see the
      Domain column
      with the domain name if you computer is
      connected to a domain
      or Workgroup if you computer is
      connected to a workgroup
      .

    To join an active domain, you need to take note of the following:

    • A User Account on the Domain.
    • Name of Domain.
    • Computer running Windows 10 Pro or Enterprise/Education editions.
    • Domain Controller must be running Windows Server 2003 (functional level or later).

    • On the Windows 10 PC go to Settings > System > About then click
      Join a domain.
    • Enter the Domain name and click Next.
    • Enter account information which is used to authenticate on the Domain then click
      OK.
    • Wait while your computer is authenticated on the Domain.
    • Click Next.
    • And then you’ll need to restart your computer to complete the process.
    • When the sign in screen appears, you will notice the
      DOMAIN\User account
      is displayed. Enter your password and you will now be logged onto your Domain.

    You will notice that once you are connected to the Domain, the About settings no longer list options that were presented before. This is because your computer is centrally managed by the server.

    Should you have further questions, please let us know.
     
    Jefferson Ore, Dec 2, 2020
    #4
Thema:

Add a work user in Windows 10 connected to Domain

Loading...
  1. Add a work user in Windows 10 connected to Domain - Similar Threads - Add user connected

  2. Domain user login not working

    in Windows Hello & Lockscreen
    Domain user login not working: Hi All, I have a some doubt regarding one of user logon scenario.I am using _KERB_INTERACTIVE_UNLOCK_LOGON structure. Under that Logon member is corresponding to KERB_INTERACTIVE_LOGON.Here is the structure:typedef struct _KERB_INTERACTIVE_LOGON { KERB_LOGON_SUBMIT_TYPE...
  3. Domain user login not working

    in Windows 10 Gaming
    Domain user login not working: Hi All, I have a some doubt regarding one of user logon scenario.I am using _KERB_INTERACTIVE_UNLOCK_LOGON structure. Under that Logon member is corresponding to KERB_INTERACTIVE_LOGON.Here is the structure:typedef struct _KERB_INTERACTIVE_LOGON { KERB_LOGON_SUBMIT_TYPE...
  4. Domain user login not working

    in Windows 10 Software and Apps
    Domain user login not working: Hi All, I have a some doubt regarding one of user logon scenario.I am using _KERB_INTERACTIVE_UNLOCK_LOGON structure. Under that Logon member is corresponding to KERB_INTERACTIVE_LOGON.Here is the structure:typedef struct _KERB_INTERACTIVE_LOGON { KERB_LOGON_SUBMIT_TYPE...
  5. Connecting to rdp - domain user

    in Windows 10 Ask Insider
    Connecting to rdp - domain user: I connect to the Windows 10 Professional with Microsoft Remote Desktop app for MacOS - on my Windows PC, I've account created by logging to Windows with my work credentials, name@company.com - which I understand is domain account(but the remote computer is not in domain...
  6. User@Domain / Domain\User problem

    in Windows 10 Ask Insider
    User@Domain / Domain\User problem: So I was checking my Windows 10 computer and saw that there was no domain, it was in a WORKGROUP. I needed to use the format "User@Domain" or "Domain\User" for something, and I do not know what to put. The username is just "User" and there is no password. submitted by...
  7. Windows - users logged on to samba NT domain cannot connect WIFI ! but local domain users can.

    in Windows 10 Network and Sharing
    Windows - users logged on to samba NT domain cannot connect WIFI ! but local domain users can.: hi everybody, The problem I'm experiencing is pretty much what is in the subject. ver. 1903 windows are members of Samba (classic NT) domain and users of that domain when logged in cannot connect to WIFI, but if a local user logs in on the same workstation then WIFI gets...
  8. Windows 10 domain user migration

    in Windows 10 Network and Sharing
    Windows 10 domain user migration: Hi, I have a network with several Windows 10 Pcs connected to a windows domain server. I want to leave the domain and use the Pcs in a workgroup. If a disconnect the domain server all the Pcs continue working even if I restart it, this is because of the domain login cache....
  9. Windows 10 domain user issues

    in Windows 10 Customization
    Windows 10 domain user issues: Hey, I have had nothing but issues getting a Windows 10 Pro machine to work within a 2011 SBS environment. I have had issues with the firewall, which is now totally shutdown; it was preventing network applications from installing. It was just the domain element of the...
  10. Domain Users and Windows 10

    in User Accounts and Family Safety
    Domain Users and Windows 10: I upgraded from Windows 7 and my account transferred without an issue. My wife's account (who uses the same computer and we switch users) did not. I ended up deleting her account and recreated a new one. She can log in, but the start button and action center do not...