JSI Tip 5461. What happens to the local user accounts when I promote a server to a domain controller?

If the new domain controller is the first domain controller in a new domain, the local accounts are migrated to the Active Directory database.  Permissions are migrated to use the domain SID, so they are preserved.

In an existing domain, the local SAM database is NOT migrated.

The local SAM database is never used when the server is running as a domain controller. The local accounts for any promoted server are only available when you boot to Safe Mode, Directory Services Restore mode, or the Recovery Console.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.