How do I – Add a User Account to the Local Administrators security group of a Domain Controller

Once you have done a DCPROMO (promoting your server to a domain controller) on your server, Windows removes the ability to manage local administrators from the server, at least via the GUI interface. As you can see here in the following two screen shots, the “Local Users and Groups” GUI option which is normally available on a non domain controller server thus:

Is removed once the server is promoted to a domain controller thus:

How do we work around this issue then?

Bring out the good old administrative command line…

1. Click through your Start menu and navigate to locate the “Command Prompt”.
2. Right click the “Command Prompt” icon.
3. On the popup menu, click “Run as administrator”.
4. 
5. In the admin window that opens, use the following syntax to add the target account to the local administrators group of the server:
6. net localgroup administrators /add <domain>\<user>
7. Where the <domain> value is the target domain and the <user> value is the target user e.g.
8. 
9. In the example above we added the DEV\SPADM account to the server’s local administrators group.

Cheers
C